diff options
55 files changed, 781 insertions, 741 deletions
diff --git a/contrib/gana b/contrib/gana -Subproject 63ab2f3c99c86334cc433450d7b99375ebf9d6b +Subproject e7103267008996a81bbcec6cc2997196d841a36 diff --git a/doc/poster/poster.pdf b/doc/poster/poster.pdf Binary files differindex fbfc6cd..a796d1c 100644 --- a/doc/poster/poster.pdf +++ b/doc/poster/poster.pdf diff --git a/doc/poster/poster.tex b/doc/poster/poster.tex index 6f3a1b0..1e92dcf 100644 --- a/doc/poster/poster.tex +++ b/doc/poster/poster.tex @@ -21,20 +21,29 @@ \maketitle \begin{multicols}{3} +\section{Stakeholders}\Large +%TODO fix arrows \setlength{\columnseprule}{0pt} +\begin{center} \includegraphics[width=0.3\textwidth]{overview} -\captionof{figure}{Stakeholders} +\end{center} \section{Motivation}\Large -Donations can often be deducted from taxes. To do so, donors must submit donation receipts to the tax authorities. Nowadays, donation receipts can only be checked with disproportionate effort. This is the reason why donation receipts are often not checked at all. Furthermore, donations are sensitive data that should be anonymized as much as possible. Even towards the tax authorities. For example, a donation to an AIDS aid organization can lead to conclusions that could be unpleasant for the donor. +Donations can often be deducted from taxes. To do so, the donor may need to present some sort of evidence in form of a receipt. The Donau system redefines the donation receipts as... +\begin{itemize} + \item \textbf{verifiable} through signatures to prevent fraud. + \item \textbf{simple} by composing the receipts from one donor. + \item \textbf{privacy friendly} through anonymization, pseudonymization and reducing the amount of information to a minimum. +\end{itemize} +The privacy of the donation of the donor can be important. For example, a donation to an AIDS aid organization can lead to conclusions that could be unpleasant for the donor. -<sequence diagram DONAU> +sequence diagram DONAU \section{Results from discussion} \section{What happens next?} -<QR-Code thesis> -<Taler Logos> +QR-Code thesis \\ +Taler Logos \end{multicols} \end{document} diff --git a/doc/thesis/chapters/crypto/crypto.tex b/doc/thesis/chapters/crypto/crypto.tex index c6a305d..ec90cb6 100644 --- a/doc/thesis/chapters/crypto/crypto.tex +++ b/doc/thesis/chapters/crypto/crypto.tex @@ -1 +1,3 @@ -\section{blinded signatures} +\section{Blinded Signatures} +\subsection{RSA Blind Signature Scheme} +\subsection{Clause Blind Schnorr Signature Scheme} diff --git a/doc/thesis/chapters/intro/abstract.tex b/doc/thesis/chapters/intro/abstract.tex index 52c86d4..13e98c2 100644 --- a/doc/thesis/chapters/intro/abstract.tex +++ b/doc/thesis/chapters/intro/abstract.tex @@ -1,6 +1,6 @@ \begin{abstract} This bachelor thesis describes and implements a theoretical concept of a donation authority system. The donation authority (Donau) is free software with a focus on privacy and anonymity and part of the GNU Taler project. It depends on the code of the GNU Taler environment, but is completely independent of the Taler payment system. An interview with a local tax authority was held to determine the current state of how donations are verified as well as the usability and possible adoption of a system like the Donau. -The Donau is operated by the tax authority and maintains a list of verified non-profit charities. The charities as well as the donors must be able to communicate with each other for the system to work. Upon making a donation to one of the charities the donor receives a so called "Donation receipt" which will be stored locally on the donor's device. Throughout this process neither the charity nor the Donau will optain any identifiable information thus making it anonymous. To make the donations tax deductable the donor needs to submit ther receipts to the Donau. Which in turn will combine the receipts in one final receipt called the "Donation statement". Upon request this will be sent to the donor in form of a QR-Code. This QR-Code can then be sent to the tax authority which verifies its validity and is then able to deduct the amount from the taxes. +The Donau is operated by the tax authority and maintains a list of verified non-profit charities. The charities as well as the donors must be able to communicate with each other for the system to work. Upon making a donation to one of the charities the donor receives a so called "donation receipt" which will be stored locally on the donor's device. Throughout this process neither the charity nor the Donau will optain any identifiable information thus making it anonymous. To make the donations tax deductable the donor needs to submit their receipts to the Donau which will combine the receipts in one final receipt called the "donation statement". Upon request the Donation Statement can be sent in to the tax auditors who verify its validity and are then able to deduct the amount from the taxes. \end{abstract} diff --git a/doc/thesis/chapters/intro/introduction.tex b/doc/thesis/chapters/intro/introduction.tex index e212d14..fca87d3 100644 --- a/doc/thesis/chapters/intro/introduction.tex +++ b/doc/thesis/chapters/intro/introduction.tex @@ -1,12 +1,12 @@ \section{Motivation} -To anonymously donate to a charity and have that donation be deducted from taxes is often not possible. Large enough donations done anonymously using cash may need to be verified (if requested) when attempting to deduct the donation from taxes. The donor would then have to present some sort of evidence in form of a receipt which would deanonymize his donation to the charity. Furthermore, this process can be time consuming, involving a disproportionate amount of effort for the tax authorities. +Donations can often be deducted from taxes. To do so, the donor may need to present some sort of evidence in form of a receipt. Donations receipts are often sensitive data, which may not want to be shared. To anonymously donate to a charity and bind the donation to the donor for tax deduction is not possible. Furthermore, the process of checking receipts can be time consuming and involves a disproportionate amount of effort for the tax authorities. It can also be annoying for donor, which have to find all the donation receipts of the year when the tax return is made. \section{Goals} The aim of this bachelor thesis is to assess the current situation in the area of donation deduction and to formulate and implement a solution for the problems described above. The main goals are the following: \begin{itemize} \item The Donau should enable donors to donate anonymously and still be able to deduct the amount from the taxes. - \item These donations should be verfiable by simply scanning a QR-Code + \item These donations should be verfiable by simply scanning a QR-Code. \item Great usability for both the donor and tax authorities to make the process as easy as possible. - \item Eliminate tax fraud with donations that where not actually made + \item Eliminate tax fraud with fake, expired or third-party donations. \end{itemize} diff --git a/doc/thesis/chapters/overview/overview.tex b/doc/thesis/chapters/overview/overview.tex index c7dfe1d..81e9332 100644 --- a/doc/thesis/chapters/overview/overview.tex +++ b/doc/thesis/chapters/overview/overview.tex @@ -7,25 +7,25 @@ The Donau\footnote{short for donation authority} environment includes three stak \node (image) at (0,0) {\includegraphics[width=0.1\textwidth]{stickman}}; \node at (0,-1.8) {Donor}; %arrow - \draw [-latex] (1,0) -- (7,0); + \draw (1,0) -- (7,0); %charity \node (image) at (8.5,0) {\includegraphics[width=0.15\textwidth]{charity}}; \node at (8.5,-1.1) {Charity}; %arrow - \draw [-latex] (7,-1) -- (5,-2.5); + \draw (7,-1) -- (5,-2.5); %server \node (image) at (4,-3) { \includegraphics[width=0.12\textwidth]{tax-authority}}; \node at (4,-4.1) {Tax Authority}; %arrow - \draw [-latex] (1,-1) -- (3,-2.5); + \draw (1,-1) -- (3,-2.5); \end{tikzpicture} \end{center} \caption{stakeholders} \label{fig:stakeholders} \end{figure} \subsection{Issuing Donation Receipts} -When donating to a charity the donor sends the payment together with a receipt request to the charity. In order to link the donation to the donor so that the donation receipt cannot be used by someone else, the donor's unique tax identification number is part of the receipt request. The tax id number does not cause a problem for anonymity as the hole receipt with the id number is blinded (see section 2.x). In the picture \ref{fig:issue receipt request} \pageref{fig:issue receipt request} the blinded receipt is illustrated as envelope. The charity must verify if the payment was successful and if the amount written in the receipt request is lower or equal the amount donated. Next, if the charity approves the receipt request, it signs the untouched request and forwards the request to the Donau. The Donau accepts only issue requests from verified charities. If this is the case, the Donau issues the actual donation receipt by signing the request. This is different from the current model where the charity issues the receipt. By shifting this task to the Donau the receipts can easily be verified and unlinks the donor from the charity which in turn provides anonymity for the donor opposite the Donau in this first step of issuing receipts. +When donating to a charity the donor sends the payment together with a receipt request to the charity. In order to link the donation to the donor so that the donation receipt cannot be used by someone else, the donor's unique tax identification number is part of the receipt request. The tax id number does not cause a problem for anonymity as the hole receipt with the id number is blinded (see section 2.x). In the picture \ref{fig:issue receipt request} \pageref{fig:issue receipt request} the blinded receipt is illustrated as an envelope. The charity must verify if the payment was successful and if the amount written in the receipt request is lower or equal the amount donated. Next, if the charity approves the receipt request, it signs the untouched request and forwards the request to the Donau. The Donau accepts only issue requests from verified charities. If this is the case, the Donau issues the actual donation receipt by signing the request. This is different from the current model where the charity issues the receipt. By shifting this task to the Donau, the receipts can easily be verified and unlinks the donor from the charity. Because the Donau does only know the amount and the charity it is signing for, this first step of issuing receipts provides anonymity for the donor opposite the Donau (and depending on how it was paid, also opposite the charity). \begin{figure}[ht] \begin{center} @@ -48,7 +48,7 @@ When donating to a charity the donor sends the payment together with a receipt r \caption{issue receipt request} \label{fig:issue receipt request} \end{figure} -Upon receiving the signed issue request from the charity, the Donau must verify the charity signature and check for any legal restrictions, such as a yearly donation limit \textbf{source!}. After successful verification the Donau creates a blinded donation receipt which is sent via charity to the Donor (see figure: \ref{fig:issue receipt response} \pageref{fig:issue receipt response}). The donor now unblinds the signature from the Donau to make it valid for the unblinded receipt (see section 2.x). The unblinded receipt gets saved on the donors device for later. This process repeats for every donation. At the end of the year the donor may have accumulated a bunch of these donation receipts. +Upon receiving the signed issue request from the charity, the Donau must verify the charity signature and checks that the yearly donation limit of a chairty is not exceeded. After successful verification the Donau creates a blinded donation receipt which is sent via charity to the Donor (see figure: \ref{fig:issue receipt response} \pageref{fig:issue receipt response}). The donor now unblinds the signature from the Donau to make it valid for the unblinded receipt (see section 2.x). The unblinded receipt gets saved on the donors device for later. This process repeats for every donation. At the end of the year the donor may have accumulated a bunch of these donation receipts. \begin{figure}[ht] \begin{center} @@ -72,23 +72,23 @@ Upon receiving the signed issue request from the charity, the Donau must verify \end{figure} \subsection{Summarize the Receipts} -When it is time for the tax declaration (usually at the beginning of the next year) the donor has to request a final donation statement signature from the Donau, summarizing all the donation receipts of a year (see figure: \ref{fig:summarize receipts} \pageref{fig:summarize receipts}). This step combines the amounts of the donation receipts in a single total amount. This protects the privacy of the donor because the individual donation amounts could be enough information to link with specific donations. The combination of the donation receipts makes it also easier for the manual verification besides the tax auditors. The statement signature is made besides the total amount, over the year and the tax id. The donation statement can be requested multiple times during the year for save keeping the donation receipts. The latest donation statement will always contain all the receipts of a year - the old receipts (from a previous statement) and the new donation receipts. +When it is time for the tax declaration (usually at the beginning of the next year) the donor has to request a final donation statement signature from the Donau, summarizing all the donation receipts of a year (see figure: \ref{fig:summarize receipts} \pageref{fig:summarize receipts}). This step combines the amounts of the donation receipts in a single total amount. This protects the privacy of the donor because the individual donation amounts could be enough information to link with specific donations. Merging donation receipts reduces the time and effort for the manual verification of the tax auditors. The statement signature is made besides the total amount, over the year and the tax id. The donation statement can be requested multiple times during the year for save keeping the donation receipts. The latest donation statement will always contain all the receipts of a year - the old receipts (from a previous statement) and the new donation receipts. \begin{figure}[ht] \begin{center} \begin{tikzpicture} \node (image) at (0,0) {\includegraphics[width=0.1\textwidth]{stickman}}; %receipt - \node[rectangle, text width=1.5cm, align=center,font=\tiny, draw=black!80, thick, inner sep=2pt, fill=white] at (3,0.9) {AHVN13: 7560001010000}; + \node[rectangle, text width=1.65cm, align=center,font=\tiny, draw=black!80, thick, inner sep=2pt, fill=white] at (3,0.9) {AHVN13: 7560001010000}; \node (image) at (3,0.9) {\includegraphics[width=0.04\textwidth]{red_wax}}; \node at (3,0.9) {\small{9}}; %receipt - \node[rectangle, text width=1.5cm, align=center,font=\tiny, draw=black!80, thick, inner + \node[rectangle, text width=1.65cm, align=center,font=\tiny, draw=black!80, thick, inner sep=2pt, fill=white] at (4,0.8) {AHVN13: 7560001010000}; \node (image) at (4,0.8) {\includegraphics[width=0.04\textwidth]{red_wax}}; \node at (4,0.8) {\small{1}}; %receipt - \node[rectangle, text width=1.5cm, align=center,font=\tiny, draw=black!80, thick, inner + \node[rectangle, text width=1.65cm, align=center,font=\tiny, draw=black!80, thick, inner sep=2pt, fill=white] at (5,0.7) {AHVN13: 7560001010000}; \node (image) at (5,0.7) {\includegraphics[width=0.04\textwidth]{red_wax}}; \node at (5,0.7) {\small{5}}; @@ -138,6 +138,6 @@ The tax auditors will not have any information to what charity the donor has don \subsection{Incorporating the Donau} -Every donor is related to only one specific Donau of his location where he is able to issue and submit donation receipts for deducting taxes. If a charity wants to be accepted in the multiple tax areas, it has to be registered by all the corresponding Donaus. To do so, the charities has to apply to the tax authority. The region for which a Donau responsible depends on the tax area of the tax authority and their reglementation of what is charitable. A Donau is maybe responsible for a geographical area like a canton, a country or even a confederation of states. Different Donaus must also be kept for different currencies, but this should not be a problem as most countries have a single currency. +Every donor is related to only one specific Donau of his location where he is able to issue and submit donation receipts for deducting taxes. If a charity wants to be accepted in the multiple tax areas, it has to be registered by all the corresponding Donaus. To do so, the charities has to apply to the tax authorities. The region for which a Donau is responsible depends on the tax area of the tax authority and their reglementation of what is charitable. A Donau is maybe responsible for a geographical area like a canton, a country or even a confederation of states. Different Donaus must also be kept for different currencies, but this should not be a problem as most countries have a single currency. diff --git a/doc/thesis/chapters/protocol/details.tex b/doc/thesis/chapters/protocol/details.tex index 33ebf82..47096c0 100644 --- a/doc/thesis/chapters/protocol/details.tex +++ b/doc/thesis/chapters/protocol/details.tex @@ -1,177 +1,166 @@ -\section{Protocol Detail} +\section{Protocol Details} \subsection{Key generation and initial setup} -\subsubsection{Initial Donau setup} -\begin{enumerate} - \item The Donau generates a public key $D^{pub}$ and private key $D^{priv}$ for EdDSA signing. - - \item The Donau generates the \textbf{Donation Units} consisting of $K_x^{pub}$ and $K_x^{priv}$ where $x$ is the associated value. -\end{enumerate} -\subsubsection{Charity setup (Charity side and Donau side)} +\subsubsection{Donau key generation} \begin{enumerate} - \item The \textbf{Charity} generates a public key $(C^{pub}$ and private key $C^{priv})$ and fetches the \textbf{Donation Unit} public keys from the Donau. - - \item The \textbf{Charity} transmits $C^{pub}$ and the desired yearly donation limit to the party which maintains the Donau (e.g tax office) using a \textbf{secure channel}. - - \item The party in charge of Donau administration ensures that the applying charity is authentic and publicly recognized as charity organisation. Furthermore, it ensures that all eventual checks required by law are done. After the verification was successful the Charity public key $C^{pub}$ and requested yearly donation limit are registered. + \item The Donau generates a Donau public key $D^{pub}$ and private key $D^{priv}$ for EdDSA signing. + \item The Donau generates the \textbf{Donation Units} consisting of a public key $K_x^{pub}$ and private key $K_x^{priv}$ where $x$ is the associated value. \end{enumerate} - -\subsection{During tax period} - -\subsubsection{Donor donates to charity and transmits \textbf{Unique Donor identifiers} (future donation receipts)} +\subsubsection{Charity key generation} \begin{enumerate} - \item The donor downloads the \textbf{Donation Unit} public keys $K_x^{pub}$ from the Donau for the current year. - - \item The donor splits the donation amount into a sum of \textbf{Donation Units} offered by the Donau. + \item The Charity generates a charity public key $(C^{pub}$ and private key $C^{priv})$ and fetches the \textbf{Donation Unit} public keys from the Donau. + \item The Charity transmits its public key $C^{pub}$ and the requested yearly donation limit to the party controlling the Donau (e.g the local tax authority) using a \textbf{secure channel}. + \item The party in charge of Donau administration ensures that the applying charity is authentic and publicly recognized as a charitable organisation. Furthermore, it ensures that all eventual restrictions by law are followed. After the verification was successful the Charity public key $C^{pub}$ together with its requested yearly donation limit are registered in the Donau database. +\end{enumerate} - \emph{Example: With \textbf{Donation units} $\{1,2,4\}$ beeing available, and a donation of $7$, the donation amount is split into the valus $4$, $2$ and $1$.} +\subsection{Donating to a charity} +% \subsubsection{Donor donates to charity and transmits \textbf{Unique Donor identifiers} (future donation receipts)} +In order to make a donation the donor has to first download the \textbf{Donation Unit} public keys $K_x^{pub}$ from the Donau for the current year. +After that the donor generates his \textbf{Donor Identifier} which is a salted hash of his tax number. +As each \textbf{Donation Unit} holds a specific value the donor has to splits the donation amount into a sum of \textbf{Donation Units} offered by the Donau. - \item The donor generates as many \textbf{Unique Donor Identifiers} as there are terms in the calculated sum. +Donor Identifier $i$: +\begin{align*} + i := H(\texttt{TAXID, S}) +\end{align*} - \emph{In our example, there are $3$ \textbf{Unique Donor Identifiers}: one per \textbf{Donation Unit}}. \footnote{If one Donation Unit is present more than once, then there is more than one Unique Donor Identifier required for said Donation Unit. This depends upon the offered Donation Units.} +\emph{Example: With \textbf{Donation units} $\{1,2,4\}$ beeing available, and a donation of $7$, the donation amount is split into the valus $4$, $2$ and $1$.} - \begin{align*} - i :&= H(\texttt{TAXID, S})\\\\ - u_1 :&= \langle i, \texttt{N}_1 \rangle \\ - u_2 :&= \langle i, \texttt{N}_2 \rangle \\ - u_3 :&= \langle i, \texttt{N}_3 \rangle - \end{align*} - where $S$ is the salt and $N$ a Nonce. +For every \textbf{Donation unit} the donor generates a \textbf{Unique Donor Identifier} by adding a nonce to his \textbf{Donor Identifier} $i$. +If one \textbf{Donation Unit} of the same value is present more than once, then there needs to be a \textbf{Unique Donor Identifier} for each of the \textbf{Donation Units}. - \item The donor blinds the \textbf{Unique Donor Identifiers} using a \emph{different} blinding factor $b$ for every \textbf{Unique Donor Identifier}. +\emph{In our example, there are $3$ \textbf{Unique Donor Identifiers}: one per \textbf{Donation Unit}}. - \begin{align*} - \overline u_1 :&= blind (u_1, b_1, K_1^{pub}) \\ - \overline u_2 :&= blind (u_2, b_2, K_2^{pub}) \\ - \overline u_3 :&= blind (u_3, b_3, K_4^{pub}) - \end{align*} +Unique Donor Identifiers $u_1, u_2, u_3$: +\begin{align*} + u_1 :&= \langle i, \texttt{N}_1 \rangle \\ + u_2 :&= \langle i, \texttt{N}_2 \rangle \\ + u_3 :&= \langle i, \texttt{N}_3 \rangle +\end{align*} +where $S$ is the salt and $N$ a Nonce. - \item So far, the \textbf{Unique Donor Identifiers} do not carry information about their value. The \emph{intended effective value is now indicated} by grouping each \textbf{Unique Donor Identifier} with the according hash of the \textbf{Donation Unit} public key $K^{pub}_x$. +In a next step the donor needs to blind the \textbf{Unique Donor Identifiers} using a \emph{different} blinding factor $b$ for every \textbf{Unique Donor Identifier}. +This ensures that no identifiable information is leaked to a third party including the Donau and charity. This results in a \textbf{Blinded Unique Donor Identifier}. - Resulting in a \textbf{Blinded Unique Donor Identifier Key Pair} or \textbf{BKP} for short. +Blinded Unique Donor Identifiers $\overline u_1, \overline u_2, \overline u_3$ +\begin{align*} + \overline u_1 :&= blind (u_1, b_1, K_1^{pub}) \\ + \overline u_2 :&= blind (u_2, b_2, K_2^{pub}) \\ + \overline u_3 :&= blind (u_3, b_3, K_4^{pub}) +\end{align*} - It is only the \emph{intended effective} value because the value will only be attributed later on with the signature of the Donau. +So far, the \textbf{Blinded Unique Donor Identifiers} do not carry information about their value. The \emph{intended effective value is now indicated} by grouping each \textbf{Unique Donor Identifier} with the according hash of the \textbf{Donation Unit} public key $K^{pub}_x$. Resulting in a \textbf{Blinded Unique Donor Identifier Key Pair} (\textbf{BKP}) - \emph{Note: The public key is not in relation with the sequential index of the \textbf{BKP}, it only relates to the value of the pair!} +It is only the \emph{intended effective} value because the value will only be attributed later on with the signature of the Donau. - \begin{align*} - \overline \mu_1 :&= \langle \overline u_1, h({K^{pub}_1}) \rangle \\ - \overline \mu_2 :&= \langle \overline u_2, h({K^{pub}_2}) \rangle \\ - \overline \mu_3 :&= \langle \overline u_3, h({K^{pub}_4}) \rangle - \end{align*} - \begin{align*} - \vec{\mu} :&= \langle \overline \mu_1, - \overline \mu_2,\overline \mu_3 - \rangle - \end{align*} - \item The donor sends all \textbf{BKP}'s $\vec{\mu}$ as well as the corresponding \textbf{payment} to the charity. +\emph{Note: The public key is not in relation with the sequential index of the \textbf{BKP}, it only relates to the value of the pair!} -\end{enumerate} +Blinded Unique Donor Identifier Key Pairs $\overline mu_1, \overline mu_2, \overline mu_3$ +\begin{align*} + \overline \mu_1 :&= \langle \overline u_1, h({K^{pub}_1}) \rangle \\ + \overline \mu_2 :&= \langle \overline u_2, h({K^{pub}_2}) \rangle \\ + \overline \mu_3 :&= \langle \overline u_3, h({K^{pub}_4}) \rangle +\end{align*} -\subsubsection{Charity sends signed \textbf{BKP}'s to Donau} -\begin{enumerate} - \item The charity verifies that the amount requested (based on the \textbf{Donation Unit} public key hash $h(K_x^{pub})$) for signing is \textbf{lower or equal} to the effective amount of the donation. +These individual \textbf{BKP}'s are then put in an array of \textbf{BKP}'s $\vec{\mu}$ +\begin{align*} + \vec{\mu} :&= \langle \overline \mu_1, + \overline \mu_2,\overline \mu_3 + \rangle +\end{align*} - \item The charity signs (using EdDSA) a structure containing all unsigned $BKP$'s coming from the donor. +The donor sends the array of \textbf{BKP}'s $\vec{\mu}$ as well as the corresponding \textbf{payment} to the charity. - \begin{align*} - \sigma_c = sign(\vec{\mu}, C^{priv}) - \end{align*} +\subsection{Charity receives Donation} +Upon receiving the \textbf{BKP}'s $\vec{\mu}$ with the corresponding payment the charity has to verify that the amount requested (based on the \textbf{Donation Unit} public key hash $h(K_x^{pub})$) for signing is \textbf{lower or equal} to the effective amount of the donation. - \item The charity sends this structure $\vec{\mu}$ and the signature $\sigma_c$ to the Donau. -\end{enumerate} +If the payment was successful with the correct amount present, the charity signs (using EdDSA) a structure containing all unsigned \textbf{BKP}'s $\vec{\mu}$ coming from the donor. -\subsubsection{Donau sends back the blind signed \textbf{UDI}'s to charity} -\begin{enumerate} - \item The Donau: - \begin{enumerate} - \item verifies the signature $\sigma_c$ on the structure. +Signing the array of BKP's: +\begin{align*} + \sigma_c = sign(\vec{\mu}, C^{priv}) +\end{align*} - \begin{align*} - verify(\vec{\mu},\sigma_c, C^{pub}) - \end{align*} +The charity sends the \textbf{BKP}'s $\vec{\mu}$ and the signature $\sigma_c$ to the Donau. - \item increments the current amount of donations received per year of the charity. This value is increased by the total amount of the \textbf{Blinded Unique Donor Identifier (BUDI)}'s, if the increment does not exceed the annual limit. +\subsection{Donau creates Donation receipt material} +The Donau now has received the \textbf{BKP}'s $\vec{\mu}$ previously sent by the charity. The Donau must ensure that the charity signature is valid. - \item blind signs all the \textbf{BUDI}'s using the \textbf{Donation Unit} private keys $K_x^{priv}$ matching the public keys used in the hash $h(K^{pub})$ which was inturn used in the \textbf{BKP}'s. +Verifing the charity signature $\sigma_c$: +\begin{align*} + verify(\vec{\mu},\sigma_c, C^{pub}) +\end{align*} - \begin{align*} - \overline{\beta_1} = blind\_sign(\overline u_1, K_1^{priv}) \\ - \overline{\beta_2} = blind\_sign(\overline u_2, K_2^{priv}) \\ - \overline{\beta_3} = blind\_sign(\overline u_3, K_4^{priv}) - \end{align*} +Once verified the Donau has to check for any legal restrictions such as the yearly donation limit. Then the Donau increments the current amount of the donations received per year of the charity. This value is increased by the total amount of the \textbf{Blinded Unique Donor Identifier (BUDI)}'s, if the increment does not exceed the annual limit. - \item sends back all created blind signatures - $\overline{\beta_1}, \overline{\beta_2}, \overline{\beta_3}$ to the charity. - \end{enumerate} +After that the Donau blind signs all the \textbf{BUDI}'s using the \textbf{Donation Unit} private keys $K_x^{priv}$ matching the public keys used in the hash $h(K^{pub})$ which was inturn used in the \textbf{BKP}'s. - \item The charity forwards the blind signatures to the donor. +Donau blind signing Blinded Unique Donor Identifiers $\overline u_1, \overline u_2, \overline u_3$: +\begin{align*} + \overline{\beta_1} = blind\_sign(\overline u_1, K_1^{priv}) \\ + \overline{\beta_2} = blind\_sign(\overline u_2, K_2^{priv}) \\ + \overline{\beta_3} = blind\_sign(\overline u_3, K_4^{priv}) +\end{align*} - \item The donor verifies the signatures. +The signatures $\overline{\beta_1}, \overline{\beta_2}, \overline{\beta_3}$ are then sent back to the charity which inturn forwards them to the donor. This is done out of simplicity as the charity has already a secure channel open with the donor, elmination the need to open another channel. - \begin{align*} +\subsection{Donor receives Donation receipt material} +Upon receiving the Donau signatures $\overline{\beta_1}, \overline{\beta_2}, \overline{\beta_3}$ via the charity, the Donor checks if the blind signatures over the \textbf{Blinded Unique Donor Identifiers} $\overline u_1, \overline u_2, \overline u_3$ is valid: +\begin{align*} verify\_blind(u_1,\overline{\beta_1}, K_1^{pub}) \\ verify\_blind(u_2,\overline{\beta_2}, K_2^{pub}) \\ verify\_blind(u_3,\overline{\beta_3}, K_4^{pub}) - \end{align*} - -\item The donor unblinds the signatures of the \textbf{BUDI}'s to get the signatures of the \textbf{Unique Donor Identifier (UDI)}'s. This results in a collection of \textbf{Donation Receipt (DR)}'s each consisting of the \textbf{UDI}, the signature $\beta$ and the hash of the \textbf{Donation Unit} public key $h(K_x^{pub})$. - - \begin{align*} - \beta_1 &= unblind(\overline{\beta_1}, b_1, K_1^{pub}) \\ - \beta_2 &= unblind(\overline{\beta_2}, b_2, K_2^{pub}) \\ - \beta_3 &= unblind(\overline{\beta_3}, b_3, K_4^{pub}) - \end{align*} - \begin{align*} - r_1 &= \langle UDI_1, \beta_1, h(K_1^{pub}) \rangle \\ - r_2 &= \langle UDI_2, \beta_2, h(K_2^{pub}) - \rangle \\ - r_3 &= \langle UDI_3, \beta_3, h(K_4^{pub}) \rangle - \end{align*} -\end{enumerate} - -\subsection{After effective tax period: get tax statement for period from Donau} - -\subsubsection{Donor sends the \textbf{Donation Receipts} to the Donau to get the final \textbf{Donation Statement}.} -\begin{enumerate} - \item The donor sends the collection of all \textbf{Donation Receipts} $\{r_1, r_2, r_3\}$ to the Donau. This happens \textbf{manually} once per period. - - It is not done continuously to obtain \emph{unlinkability} between the \emph{issuance} of the \textbf{Donation Receipts} (which happens upon donation) and their \emph{submission} for the \textbf{Donation Statement}. - - \item For each \textbf{Donation Receipt} the Donau: - \begin{itemize} - \item checks that $K_x^{pub}$ is known. - - \item verifies that the signature $\beta$ is correct using the corresponding public key $K_x^{pub}$. - - \item verifies that the \textbf{Donor Identifier} is the same as in other \textbf{Donation Receipts}.\footnote{With multiple wallets each wallet must simply obtain a separate \textbf{Donation Statement}!} - - \item verifies that the $\texttt{nonce}$ is unique and was not used before by the donor for the corresponding year. - \end{itemize} - - \item The Donau signs over the total \texttt{amount} donated by the donor, \texttt{year} and \textbf{Donor Identifier} and sends the signature and the total amount back to the donor. - - This results in a final signature called the \textbf{Donation Statement}. +\end{align*} + +Once verified the donor unblinds the signatures of the \textbf{BUDI}'s to get the signatures over the \textbf{Unique Donor Identifier (UDI)}'s. This results in a collection of \textbf{Donation Receipt (DR)}'s each consisting of the \textbf{UDI}, the signature $\beta$ and the hash of the \textbf{Donation Unit} public key $h(K_x^{pub})$. + +Donor unblinds Donau signatures $\overline{\beta_1}, \overline{\beta_2}, \overline{\beta_3}$: +\begin{align*} + \beta_1 &= unblind(\overline{\beta_1}, b_1, K_1^{pub}) \\ + \beta_2 &= unblind(\overline{\beta_2}, b_2, K_2^{pub}) \\ + \beta_3 &= unblind(\overline{\beta_3}, b_3, K_4^{pub}) +\end{align*} + +Donor creates the final Donation Receipts $r_1, r_2, r_3$ +\begin{align*} + r_1 &= \langle UDI_1, \beta_1, h(K_1^{pub}) \rangle \\ + r_2 &= \langle UDI_2, \beta_2, h(K_2^{pub}) \rangle \\ + r_3 &= \langle UDI_3, \beta_3, h(K_4^{pub}) \rangle +\end{align*} + +These \textbf{Donation Receipt (DR)} are then stored on the donors device. + +\subsection{Donor requests a Donation Statement from the Donau} +To make the donations tax deductable the donor needs to have a final \textbf{Donation Statement} which can be sent to the tax authority. To get the \textbf{Donation Statement} the donor sends the \textbf{Donation Receipts} $\{r_1, r_2, r_3\}$ accumulated throughout the year to the Donau. +This can be done multiple times during the year. It is not done automatically as to obtain \emph{unlinkability} between the \emph{issuance} of the \textbf{Donation Receipts} (which happens upon donation) and their \emph{submission} for the \textbf{Donation Statement}. + +Once the Donau receives the \textbf{Donation Receipts} $\{r_1, r_2, r_3\}$ it has to check that for each \textbf{Donation Receipt}: +\begin{itemize} + \item the public key $K_x^{pub}$ is known. + \item the signature $\beta$ is correct using the corresponding public key $K_x^{pub}$. + \item the \textbf{Donor Identifier} is the same as in other \textbf{Donation Receipts}. (With multiple wallets each wallet must simply obtain a separate \textbf{Donation Statement}) + \item the $\texttt{nonce}$ is unique and was not used before by the donor for the corresponding year. +\end{itemize} + +The Donau then signs over the total \texttt{amount} donated by the donor, the current \texttt{year} and the \textbf{Donor Identifier}. This results in a final signature called the \textbf{Donation Statement} which is then sent back to the donor. + +Donau creates Donation Statement $\sigma_s$: +\begin{align*} + \sigma_s = sign(\langle i, \texttt{amount}_{Total}, \texttt{year}) \rangle, D^{priv}) +\end{align*} + +\subsection{Donor sends final statement to a validator} +The Donor uses the \textbf{Donation Statement} $\sigma_s$ to create a QR-Code which then can be included in the tax declaration. + +Donor generates a \texttt{QR} code which contains the following: +\begin{align*} + \texttt{QR} = \langle \texttt{taxid}, \texttt{salt}, \texttt{year}, \texttt{amount}, \sigma_s \rangle +\end{align*} + +The validator at the tax office then scans the QR code and verifies the \textbf{Donation Statement} $\sigma_s$. +\begin{align*} + verify(\langle i, \texttt{amount}_{Total}, \texttt{year}) \rangle,\sigma_s, D^{pub}) +\end{align*} - \begin{align*} - \sigma_s = sign(\langle i, \texttt{amount}_{Total}, \texttt{year}) \rangle, D^{priv}) - \end{align*} - -\end{enumerate} - -\subsubsection{Donor sends the QR Code to a validator (e.g. tax office)} -\begin{enumerate} - \item The donor generates a QR code which contains the following: - \begin{align*} - \texttt{QR} = \langle \texttt{taxid}, \texttt{salt}, \texttt{year}, \texttt{amount}, \text{$\sigma_s$} \rangle - \end{align*} - - \item The validator scans the QR code and verifies the \textbf{Donation Statement} $\sigma_s$. - - \begin{align*} - verify(\langle i, \texttt{amount}_{Total}, \texttt{year}) \rangle,\sigma_s, D^{pub}) - \end{align*} - -\end{enumerate} diff --git a/doc/thesis/thesis.pdf b/doc/thesis/thesis.pdf Binary files differindex 590a3c2..465648e 100644 --- a/doc/thesis/thesis.pdf +++ b/doc/thesis/thesis.pdf diff --git a/doc/thesis/thesis.tex b/doc/thesis/thesis.tex index c61e50e..5382007 100644 --- a/doc/thesis/thesis.tex +++ b/doc/thesis/thesis.tex @@ -7,7 +7,7 @@ \title{\Huge\textsf{\textbf{DONAU}}\\ \vspace{30px} -\large{Tax-deductable Donations for GNU Taler}} +\huge{Tax-deductable Donations}} \author{Johannes Casaburi \and Lukas Matyja\\ \vspace{5px} \and Advisor: Prof. Dr. Christian Grothoff \and Advisor: Prof. Dr. Emmanuel Benoist \\ Expert: Daniel Voisard} @@ -21,7 +21,7 @@ \chapter{Introduction} \input{chapters/intro/introduction} -\chapter{Donau Overview} +\chapter{Overview} \input{chapters/overview/overview} \chapter{Cryptographic Preliminaries} diff --git a/src/donau/Makefile.am b/src/donau/Makefile.am index bad96b4..07879dd 100644 --- a/src/donau/Makefile.am +++ b/src/donau/Makefile.am @@ -39,7 +39,6 @@ donau_httpd_LDADD = \ donau_httpd_SOURCES = \ donau-httpd.c donau-httpd.h \ - donau-httpd_metrics.c donau-httpd_metrics.h \ donau-httpd_db.c donau-httpd_db.h \ donau-httpd_keys.c donau-httpd_keys.h \ donau-httpd_config.c donau-httpd_config.h \ @@ -50,6 +49,7 @@ donau_httpd_SOURCES = \ donau-httpd_donation-statement.c donau-httpd_donation-statement.h \ donau-httpd_batch-submit.c donau_httpd_batch-submit.h \ donau-httpd_terms.c donau-httpd_terms.h \ + donau-httpd_csr.c donau-httpd_csr.h \ donau-httpd_batch-issue.c donau_httpd_batch-issue.h # Testcases diff --git a/src/donau/donau-httpd.c b/src/donau/donau-httpd.c index 1a64177..70cf67b 100644 --- a/src/donau/donau-httpd.c +++ b/src/donau/donau-httpd.c @@ -36,6 +36,7 @@ #include "donau-httpd_batch-issue.h" #include "donau-httpd_batch-submit.h" #include "donau-httpd_history.h" +#include "donau-httpd_csr.h" #include "donau-httpd_terms.h" #include "donaudb_plugin.h" #include <gnunet/gnunet_mhd_compat.h> @@ -54,7 +55,7 @@ * Above what request latency do we start to log? */ #define WARN_LATENCY GNUNET_TIME_relative_multiply ( \ - GNUNET_TIME_UNIT_MILLISECONDS, 500) + GNUNET_TIME_UNIT_MILLISECONDS, 500) /** * Are clients allowed to request /keys for times other than the @@ -80,11 +81,6 @@ const struct GNUNET_CONFIGURATION_Handle *DH_cfg; static struct MHD_Daemon *mhd; /** - * How long is caching /keys allowed at most? (global) - */ -// struct GNUNET_TIME_Relative DH_max_keys_caching; - -/** * Our DB plugin. (global) */ struct DONAUDB_Plugin *DH_plugin; @@ -137,11 +133,6 @@ int DH_global_ret; static uint16_t serve_port; /** - * Counter for the number of requests this HTTP has processed so far. - */ -// static unsigned long long req_count; - -/** * Counter for the number of open connections. */ static unsigned long long active_connections; @@ -177,25 +168,6 @@ typedef MHD_RESULT const struct TALER_CoinSpendPublicKeyP *coin_pub, const json_t *root); - -/** - * Generate a 404 "not found" reply on @a connection with - * the hint @a details. - * - * @param connection where to send the reply on - * @param details details for the error message, can be NULL - */ -// static MHD_RESULT -// r404 (struct MHD_Connection *connection, -// const char *details) -// { -// return TALER_MHD_reply_with_error (connection, -// MHD_HTTP_NOT_FOUND, -// TALER_EC_EXCHANGE_GENERIC_OPERATION_UNKNOWN, -// details); -// } - - /** * Function called whenever MHD is done with a request. If the * request was a POST, we may have stored a `struct Buffer *` in the @@ -496,13 +468,13 @@ handle_mhd_request (void *cls, .handler.delete = &DH_handler_charity_delete, .nargs = 1 }, - // /* POST get csr values*/ - // { - // .url = "csr-issue", - // .method = MHD_HTTP_METHOD_POST, - // .handler.post = &DH_handler_csr_issue, - // .nargs = 0 - // }, + /* POST get csr values*/ + { + .url = "csr-issue", + .method = MHD_HTTP_METHOD_POST, + .handler.post = &DH_handler_csr_issue, + .nargs = 0 + }, /* POST batch issue receipts */ { .url = "batch-issue", diff --git a/src/donau/donau-httpd_batch-issue.c b/src/donau/donau-httpd_batch-issue.c index c785e00..9c572b1 100644 --- a/src/donau/donau-httpd_batch-issue.c +++ b/src/donau/donau-httpd_batch-issue.c @@ -30,7 +30,6 @@ #include "donaudb_plugin.h" #include "donau-httpd_batch-issue.h" #include "donau-httpd_db.h" -#include "donau-httpd_metrics.h" #include "donau_json_lib.h" #include "donau-httpd_keys.h" @@ -72,7 +71,7 @@ parse_json_bkp (struct DONAU_BlindedUniqueDonorIdentifierKeyPair *bkp, * Parse signatures to JSON. * * @param num_sig number of signatures - * @param signatures + * @param signatures Blinded donation unit signatures * @param[out] j_signatures JSON object * @return #GNUNET_OK if all is fine, #GNUNET_SYSERR if we could not parse * is malformed. @@ -202,13 +201,13 @@ DH_handler_issue_receipts_post (struct DH_RequestContext *rc, { case GNUNET_DB_STATUS_HARD_ERROR: case GNUNET_DB_STATUS_SOFT_ERROR: - GNUNET_break_op (0); + GNUNET_break_op (0); return TALER_MHD_reply_with_error (rc->connection, MHD_HTTP_INTERNAL_SERVER_ERROR, TALER_EC_GENERIC_DB_FETCH_FAILED, NULL); case GNUNET_DB_STATUS_SUCCESS_NO_RESULTS: - GNUNET_break_op (0); + GNUNET_break_op (0); return TALER_MHD_reply_with_error ( rc->connection, MHD_HTTP_NOT_FOUND, @@ -305,7 +304,8 @@ start: struct DH_DonationUnitKey *dk; if (NULL == (dk = DH_keys_donation_unit_by_hash ( - &bkps[i].h_donation_unit_pub))) { + &bkps[i].h_donation_unit_pub))) + { GNUNET_break_op (0); return TALER_MHD_reply_with_error (rc->connection, MHD_HTTP_NOT_FOUND, @@ -333,8 +333,9 @@ start: batch_sign_ec = DH_keys_donation_unit_batch_sign (num_bkps, bkps_sign_data, du_sigs); - if (TALER_EC_NONE != batch_sign_ec) { - GNUNET_break_op (0); + if (TALER_EC_NONE != batch_sign_ec) + { + GNUNET_break_op (0); return TALER_MHD_reply_with_error (rc->connection, MHD_HTTP_INTERNAL_SERVER_ERROR, batch_sign_ec, // TODO:other EC @@ -368,7 +369,8 @@ start: second_time = true; goto start; case GNUNET_DB_STATUS_SUCCESS_ONE_RESULT: - if (! smaller_than_max_per_year) { + if (! smaller_than_max_per_year) + { GNUNET_break_op (0); return TALER_MHD_reply_with_error (rc->connection, MHD_HTTP_BAD_REQUEST, diff --git a/src/donau/donau-httpd_batch-submit.c b/src/donau/donau-httpd_batch-submit.c index ef8e1a2..fb4b4a1 100644 --- a/src/donau/donau-httpd_batch-submit.c +++ b/src/donau/donau-httpd_batch-submit.c @@ -37,7 +37,7 @@ */ struct InsertReceiptContext { - struct DONAU_HashDonorTaxId *h_donor_tax_id; + struct DONAU_HashDonorTaxId h_donor_tax_id; struct DONAU_DonationReceipt *donation_receipts; uint64_t donation_year; }; @@ -59,9 +59,8 @@ parse_json_dr (struct DONAU_DonationReceipt *dr, &dr->h_donation_unit_pub), GNUNET_JSON_spec_fixed_auto ("nonce", &dr->nonce), - // FIXME Need GNUNET_JSON_spec_unblinded_signature - GNUNET_JSON_spec_fixed_auto ("donation_unit_sig", - &dr->donation_unit_sig), + GNUNET_JSON_spec_unblinded_signature ("donation_unit_sig", + &dr->donation_unit_sig.unblinded_sig), GNUNET_JSON_spec_end () }; @@ -84,7 +83,7 @@ DH_handler_submit_receipts_post (struct DH_RequestContext *rc, const json_t *root, const char *const args[]) { - struct InsertReceiptContext irc; + struct InsertReceiptContext irc = {0}; const json_t *donation_receipts; struct GNUNET_JSON_Specification spec[] = { @@ -161,7 +160,7 @@ DH_handler_submit_receipts_post (struct DH_RequestContext *rc, } DONAU_unique_donor_id_hash ( - irc.h_donor_tax_id, + &irc.h_donor_tax_id, &irc.donation_receipts[i].nonce, &udi_hash); @@ -186,7 +185,7 @@ DH_handler_submit_receipts_post (struct DH_RequestContext *rc, qs = DH_plugin->insert_submitted_receipts ( DH_plugin->cls, - irc.h_donor_tax_id, + &irc.h_donor_tax_id, num_dr, irc.donation_receipts, irc.donation_year); diff --git a/src/donau/donau-httpd_batch-submit.h b/src/donau/donau-httpd_batch-submit.h index 08794e3..aa3ff6c 100644 --- a/src/donau/donau-httpd_batch-submit.h +++ b/src/donau/donau-httpd_batch-submit.h @@ -14,7 +14,7 @@ TALER; see the file COPYING. If not, see <http://www.gnu.org/licenses/> */ /** - * @file donau-httpd_submit-receipts.h + * @file donau-httpd_batch-submit.h * @brief Handle /submit requests * @author Johannes Casaburi */ diff --git a/src/donau/donau-httpd_charity_delete.c b/src/donau/donau-httpd_charity_delete.c index b76fa12..aaaa5e9 100644 --- a/src/donau/donau-httpd_charity_delete.c +++ b/src/donau/donau-httpd_charity_delete.c @@ -15,8 +15,7 @@ */ /** * @file donau-httpd_charity_delete.c - * @brief Handle DELETE /charitys/$PID requests; parses the request and - * verifies the signature before handing deletion to the database. + * @brief Handle DELETE /charitys/$CHARITY_ID requests. * @author Johannes Casaburi */ #include "taler/platform.h" @@ -27,12 +26,7 @@ #include "taler/taler_dbevents.h" #include "taler/taler_json_lib.h" #include "taler/taler_mhd_lib.h" -// #include "donau-httpd_common_deposit.h" #include "donau-httpd_charity.h" -// #include "donau-httpd_responses.h" -// #include "taler_exchangedb_lib.h" -// #include "donau-httpd_keys.h" - MHD_RESULT DH_handler_charity_delete ( diff --git a/src/donau/donau-httpd_charity_insert.c b/src/donau/donau-httpd_charity_insert.c index 7c3b027..3ba9d78 100644 --- a/src/donau/donau-httpd_charity_insert.c +++ b/src/donau/donau-httpd_charity_insert.c @@ -30,7 +30,6 @@ #include "donaudb_plugin.h" #include "donau-httpd_charity.h" #include "donau-httpd_db.h" -#include "donau-httpd_metrics.h" /** @@ -143,7 +142,6 @@ DH_handler_charity_post (struct DH_RequestContext *rc, if (GNUNET_OK != DH_DB_run_transaction (rc->connection, "insert_charity", - DH_MT_REQUEST_OTHER, &mhd_ret, &insert_charity, &icc)) diff --git a/src/donau/donau-httpd_csr.c b/src/donau/donau-httpd_csr.c index ee18314..31311ba 100644 --- a/src/donau/donau-httpd_csr.c +++ b/src/donau/donau-httpd_csr.c @@ -19,9 +19,7 @@ /** * @file donau-httpd_csr.c * @brief Handle /csr requests - * @author Lucien Heuzeveldt - * @author Gian Demarmles - * @author Christian Grothoff + * @author Johannes Casaburi */ #include <taler/platform.h> #include <gnunet/gnunet_util_lib.h> @@ -32,6 +30,7 @@ #include <taler/taler_mhd_lib.h> #include <taler/taler_signatures.h> #include "donaudb_plugin.h" +#include "donau-httpd_keys.h" #include "donau-httpd_csr.h" @@ -43,22 +42,22 @@ MHD_RESULT DH_handler_csr_issue (struct DH_RequestContext *rc, - const json_t *root, - const char *const args[]) + const json_t *root, + const char *const args[]) { struct GNUNET_CRYPTO_CsSessionNonce nonce; - struct TALER_DenominationHashP denom_pub_hash; + struct DONAU_DonationUnitHashP du_pub_hash; struct GNUNET_CRYPTO_BlindingInputValues ewv = { .cipher = GNUNET_CRYPTO_BSA_CS }; struct GNUNET_JSON_Specification spec[] = { GNUNET_JSON_spec_fixed_auto ("nonce", &nonce), - GNUNET_JSON_spec_fixed_auto ("denom_pub_hash", - &denom_pub_hash), + GNUNET_JSON_spec_fixed_auto ("du_pub_hash", + &du_pub_hash), GNUNET_JSON_spec_end () }; - struct TEH_DenominationKey *dk; + struct DH_DonationUnitKey *dk; (void) args; { @@ -72,74 +71,34 @@ DH_handler_csr_issue (struct DH_RequestContext *rc, } { - struct TEH_KeyStateHandle *ksh; - - ksh = TEH_keys_get_state (); - if (NULL == ksh) - { - return TALER_MHD_reply_with_error (rc->connection, - MHD_HTTP_INTERNAL_SERVER_ERROR, - TALER_EC_EXCHANGE_GENERIC_KEYS_MISSING, - NULL); - } - dk = TEH_keys_denomination_by_hash_from_state (ksh, - &denom_pub_hash, - NULL, - NULL); + dk = DH_keys_donation_unit_by_hash (&du_pub_hash); if (NULL == dk) { - return TEH_RESPONSE_reply_unknown_denom_pub_hash ( - rc->connection, - &denom_pub_hash); - } - if (GNUNET_TIME_absolute_is_past (dk->meta.expire_withdraw.abs_time)) - { - /* This denomination is past the expiration time for withdraws/refreshes*/ - return TEH_RESPONSE_reply_expired_denom_pub_hash ( - rc->connection, - &denom_pub_hash, - TALER_EC_EXCHANGE_GENERIC_DENOMINATION_EXPIRED, - "csr-withdraw"); - } - if (GNUNET_TIME_absolute_is_future (dk->meta.start.abs_time)) - { - /* This denomination is not yet valid, no need to check - for idempotency! */ - return TEH_RESPONSE_reply_expired_denom_pub_hash ( - rc->connection, - &denom_pub_hash, - TALER_EC_EXCHANGE_GENERIC_DENOMINATION_VALIDITY_IN_FUTURE, - "csr-withdraw"); - } - if (dk->recoup_possible) - { - /* This denomination has been revoked */ - return TEH_RESPONSE_reply_expired_denom_pub_hash ( + GNUNET_break (0); + return TALER_MHD_reply_with_error ( rc->connection, - &denom_pub_hash, - TALER_EC_EXCHANGE_GENERIC_DENOMINATION_REVOKED, - "csr-withdraw"); + MHD_HTTP_INTERNAL_SERVER_ERROR, + TALER_EC_EXCHANGE_GENERIC_KEYS_MISSING, // FIXME + NULL); } if (GNUNET_CRYPTO_BSA_CS != - dk->denom_pub.bsign_pub_key->cipher) + dk->donation_unit_pub.bsign_pub_key->cipher) { - /* denomination is valid but not for CS */ - return TEH_RESPONSE_reply_invalid_denom_cipher_for_operation ( + /* donation_unit is valid but not for CS */ + GNUNET_break (0); + return TALER_MHD_reply_with_error ( rc->connection, - &denom_pub_hash); + MHD_HTTP_INTERNAL_SERVER_ERROR, + TALER_EC_EXCHANGE_GENERIC_KEYS_MISSING, // FIXME + NULL); } } /* derive r_pub */ { enum TALER_ErrorCode ec; - const struct TEH_CsDeriveData cdd = { - .h_denom_pub = &denom_pub_hash, - .nonce = &nonce - }; - - ec = TEH_keys_denomination_cs_r_pub (&cdd, - false, + ec = DH_keys_donation_unit_cs_r_pub (&du_pub_hash, + &nonce, &ewv.details.cs_values); if (TALER_EC_NONE != ec) { @@ -156,7 +115,7 @@ DH_handler_csr_issue (struct DH_RequestContext *rc, return TALER_MHD_REPLY_JSON_PACK ( rc->connection, - MHD_HTTP_OK, + MHD_HTTP_CREATED, TALER_JSON_pack_exchange_withdraw_values ("ewv", &exw)); } diff --git a/src/donau/donau-httpd_csr.h b/src/donau/donau-httpd_csr.h index 3a6cc18..a3e7e39 100644 --- a/src/donau/donau-httpd_csr.h +++ b/src/donau/donau-httpd_csr.h @@ -16,8 +16,7 @@ /** * @file donau-httpd_csr.h * @brief Handle /csr-* requests - * @author Lucien Heuzeveldt - * @author Gian Demarmles + * @author Johannes Casaburi */ #ifndef DONAU_HTTPD_CSR_H #define DONAU_HTTPD_CSR_H @@ -37,7 +36,7 @@ */ MHD_RESULT DH_handler_csr_issue (struct DH_RequestContext *rc, - const json_t *root, - const char *const args[]); + const json_t *root, + const char *const args[]); #endif diff --git a/src/donau/donau-httpd_db.c b/src/donau/donau-httpd_db.c index 09490d2..56fba7e 100644 --- a/src/donau/donau-httpd_db.c +++ b/src/donau/donau-httpd_db.c @@ -16,7 +16,7 @@ /** * @file donau-httpd_db.c * @brief Generic database operations for the donau. - * @author Christian Grothoff + * @author Johannes Casaburi */ #include <taler/platform.h> #include <pthread.h> @@ -26,13 +26,12 @@ #include <taler/taler_mhd_lib.h> #include "donaudb_lib.h" #include "donau-httpd_db.h" -// #include "donau-httpd_responses.h" +#include "donau-httpd.h" enum GNUNET_GenericReturnValue DH_DB_run_transaction (struct MHD_Connection *connection, const char *name, - enum DH_MetricTypeRequest mt, MHD_RESULT *mhd_ret, DH_DB_TransactionCallback cb, void *cb_cls) @@ -50,8 +49,6 @@ DH_DB_run_transaction (struct MHD_Connection *connection, NULL); return GNUNET_SYSERR; } - GNUNET_assert (mt < DH_MT_REQUEST_COUNT); - DH_METRICS_num_requests[mt]++; for (unsigned int retries = 0; retries < MAX_TRANSACTION_COMMIT_RETRIES; retries++) @@ -100,7 +97,6 @@ DH_DB_run_transaction (struct MHD_Connection *connection, (-1 == (int) *mhd_ret) ); if (0 <= qs) return GNUNET_OK; - DH_METRICS_num_conflict[mt]++; } DH_plugin->rollback (DH_plugin->cls); TALER_LOG_ERROR ("Transaction `%s' commit failed %u times\n", diff --git a/src/donau/donau-httpd_db.h b/src/donau/donau-httpd_db.h index ac21e5c..a8f0a0e 100644 --- a/src/donau/donau-httpd_db.h +++ b/src/donau/donau-httpd_db.h @@ -1,6 +1,6 @@ /* This file is part of TALER - Copyright (C) 2014-2017 Taler Systems SA + Copyright (C) 2024 Taler Systems SA TALER is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software @@ -16,14 +16,12 @@ /** * @file donau/donau-httpd_db.h * @brief High-level (transactional-layer) database operations for the donau - * @author Chrisitan Grothoff + * @author Johannes Casaburi */ #ifndef DONAU_HTTPD_DB_H #define DONAU_HTTPD_DB_H #include <microhttpd.h> -// #include "donaudb_plugin.h" -#include "donau-httpd_metrics.h" #include <gnunet/gnunet_mhd_compat.h> @@ -41,22 +39,6 @@ /** - * Ensure coin is known in the database, and handle conflicts and errors. - * - * @param coin the coin to make known - * @param connection MHD request context - * @param[out] known_coin_id set to the unique ID for the coin in the DB - * @param[out] mhd_ret set to MHD status on error - * @return transaction status, negative on error (@a mhd_ret will be set in this case) - */ -enum GNUNET_DB_QueryStatus -DH_make_coin_known (const struct TALER_CoinPublicInfo *coin, - struct MHD_Connection *connection, - uint64_t *known_coin_id, - MHD_RESULT *mhd_ret); - - -/** * Function implementing a database transaction. Runs the transaction * logic; IF it returns a non-error code, the transaction logic MUST * NOT queue a MHD response. IF it returns an hard error, the @@ -85,7 +67,6 @@ typedef enum GNUNET_DB_QueryStatus * * @param connection MHD connection to run @a cb for, can be NULL * @param name name of the transaction (for debugging) - * @param mt type of the requests, for metric generation * @param[out] mhd_ret set to MHD response code, if transaction failed (returned #GNUNET_SYSERR); * NULL if we are not running with a @a connection and thus * must not queue MHD replies @@ -96,7 +77,6 @@ typedef enum GNUNET_DB_QueryStatus enum GNUNET_GenericReturnValue DH_DB_run_transaction (struct MHD_Connection *connection, const char *name, - enum DH_MetricTypeRequest mt, MHD_RESULT *mhd_ret, DH_DB_TransactionCallback cb, void *cb_cls); diff --git a/src/donau/donau-httpd_history_get.c b/src/donau/donau-httpd_history_get.c index 4ac2d77..35c7b4a 100644 --- a/src/donau/donau-httpd_history_get.c +++ b/src/donau/donau-httpd_history_get.c @@ -28,13 +28,12 @@ #include "donau-httpd.h" #include "donaudb_plugin.h" #include "donau-httpd_history.h" -// #include "taler-exchange-httpd_metrics.h" /** * Maximum number of history we return per request. */ -#define MAX_RECORDS 1024 +// #define MAX_RECORDS 1024 /** * Return history information. diff --git a/src/donau/donau-httpd_keys.c b/src/donau/donau-httpd_keys.c index 018c096..d801b5b 100644 --- a/src/donau/donau-httpd_keys.c +++ b/src/donau/donau-httpd_keys.c @@ -326,7 +326,7 @@ struct KeysBuilderContext * Function called for all signing keys, used to build up the * respective JSON response. * - * @param cls a `struct SignKeyCtx *` with the array to append keys to + * @param cls a `struct KeysBuilderContext *` with the array to append keys to * @param pid the donau public key (in type disguise) * @param value a `struct SigningKey` * @return #GNUNET_OK (continue to iterate) @@ -361,7 +361,7 @@ add_sign_key_cb (void *cls, * and adds the remaining donation unit keys (with their configuration * data) to the JSON array. * - * @param cls the `struct FutureBuilderContext *` + * @param cls the `struct KeysBuilderContext *` * @param h_du_pub hash of the donation unit public key * @param value a `struct DH_DonationUnitKey` * @return #GNUNET_OK (continue to iterate) @@ -1434,10 +1434,40 @@ struct DH_DonationUnitKey * DH_keys_donation_unit_by_hash ( const struct DONAU_DonationUnitHashP *h_du_pub) { + return GNUNET_CONTAINER_multihashmap_get (du_keys, + &h_du_pub->hash); +} + + +enum TALER_ErrorCode +DH_keys_donation_unit_cs_r_pub ( + const struct DONAU_DonationUnitHashP *h_donation_unit_pub, + const struct GNUNET_CRYPTO_CsSessionNonce *nonce, + struct GNUNET_CRYPTO_CSPublicRPairP *r_pub) +{ struct DH_DonationUnitKey *dk; - dk = GNUNET_CONTAINER_multihashmap_get (du_keys, - &h_du_pub->hash); - return dk; + + dk = DH_keys_donation_unit_by_hash (h_donation_unit_pub); + if (NULL == dk) + { + return TALER_EC_EXCHANGE_GENERIC_DENOMINATION_KEY_UNKNOWN; + } + if (GNUNET_CRYPTO_BSA_CS != + dk->donation_unit_pub.bsign_pub_key->cipher) + { + return TALER_EC_GENERIC_INTERNAL_INVARIANT_FAILURE; + } + + { + struct TALER_CRYPTO_CsDeriveRequest cdr = { + .h_cs = (const struct TALER_CsPubHashP *) &dk->h_donation_unit_pub, + .nonce = nonce + }; + return TALER_CRYPTO_helper_cs_r_derive (csdh, + &cdr, + false, + r_pub); + } } diff --git a/src/donau/donau-httpd_keys.h b/src/donau/donau-httpd_keys.h index e7dacb9..6818341 100644 --- a/src/donau/donau-httpd_keys.h +++ b/src/donau/donau-httpd_keys.h @@ -1,6 +1,6 @@ /* This file is part of TALER - Copyright (C) 2020-2023 Taler Systems SA + Copyright (C) 2023-2024 Taler Systems SA TALER is free software; you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software @@ -21,7 +21,6 @@ #include <taler/platform.h> #include <taler/taler_json_lib.h> #include <taler/taler_mhd_lib.h> -// #include "donau-httpd_responses.h" #include "donau_util.h" #include "donaudb_plugin.h" #include "donau-httpd.h" @@ -82,15 +81,15 @@ struct DH_BlindSignData }; /** - * Sign the message in @a purpose with the exchange's signing key. + * Sign the message in @a purpose with the doanu's signing key. * * The @a purpose data is the beginning of the data of which the signature is * to be created. The `size` field in @a purpose must correctly indicate the * number of bytes of the data structure, including its header. Use - * #TEH_keys_exchange_sign() instead of calling this function directly! + * #DH_keys_doanu_sign() instead of calling this function directly! * * @param purpose the message to sign - * @param[out] pub set to the current public signing key of the exchange + * @param[out] pub set to the current public signing key of the doanu * @param[out] sig signature over purpose using current signing key * @return #TALER_EC_NONE on success */ @@ -114,7 +113,7 @@ DH_keys_donau_sign_ ( * @return #TALER_EC_NONE on success */ #define DH_keys_donau_sign(ps,pub,sig) \ - ({ \ + ({ \ /* check size is set correctly */ \ GNUNET_assert (htonl ((ps)->purpose.size) == \ sizeof (*ps)); \ @@ -153,8 +152,6 @@ DH_handler_keys (struct DH_RequestContext *rc, * Look up the issue for a donation unit public key. * * @param h_du_pub hash of donation unit public key - * @param[in,out] conn used to return status message if NULL is returned - * @param[out] mret set to the MHD status if NULL is returned * @return the donation unit key issue, * or NULL if @a h_du_pub could not be found */ @@ -190,5 +187,18 @@ DH_keys_donation_unit_batch_sign ( const struct DONAU_BkpSignData bkps[num_bkps], struct DONAU_BlindedDonationUnitSignature du_sigs[num_bkps]); +/** + * Request to derive CS @a r_pub using the donation_unit and nonce from @a cdd. + * + * @param h_donation_unit_pub hash to compute @a r_pub from + * @param nonce + * @param[out] r_pub where to write the result + * @return #TALER_EC_NONE on success + */ +enum TALER_ErrorCode +DH_keys_donation_unit_cs_r_pub ( + const struct DONAU_DonationUnitHashP *h_donation_unit_pub, + const struct GNUNET_CRYPTO_CsSessionNonce *nonce, + struct GNUNET_CRYPTO_CSPublicRPairP *r_pub); #endif diff --git a/src/donau/donau-httpd_metrics.c b/src/donau/donau-httpd_metrics.c deleted file mode 100644 index a1960a6..0000000 --- a/src/donau/donau-httpd_metrics.c +++ /dev/null @@ -1,165 +0,0 @@ -/* - This file is part of TALER - Copyright (C) 2015-2021 Taler Systems SA - - TALER is free software; you can redistribute it and/or modify it under the - terms of the GNU Affero General Public License as published by the Free Software - Foundation; either version 3, or (at your option) any later version. - - TALER is distributed in the hope that it will be useful, but WITHOUT ANY - WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR - A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details. - - You should have received a copy of the GNU Affero General Public License along with - TALER; see the file COPYING. If not, see <http://www.gnu.org/licenses/> -*/ -/** - * @file donau-httpd_metrics.c - * @brief Handle /metrics requests - * @author Christian Grothoff - */ -#include <taler/platform.h> -#include <gnunet/gnunet_json_lib.h> -#include <taler/taler_dbevents.h> -// #include "donau-httpd_responses.h" -#include "donau-httpd_keys.h" -#include "donau-httpd_metrics.h" -#include <taler/taler_json_lib.h> -#include <taler/taler_mhd_lib.h> -#include <jansson.h> - - -unsigned long long DH_METRICS_num_requests[DH_MT_REQUEST_COUNT]; - -unsigned long long DH_METRICS_batch_withdraw_num_coins; - -unsigned long long DH_METRICS_num_conflict[DH_MT_REQUEST_COUNT]; - -unsigned long long DH_METRICS_num_signatures[DH_MT_SIGNATURE_COUNT]; - -unsigned long long DH_METRICS_num_verifications[DH_MT_SIGNATURE_COUNT]; - -unsigned long long DH_METRICS_num_keyexchanges[DH_MT_KEYX_COUNT]; - -unsigned long long DH_METRICS_num_success[DH_MT_SUCCESS_COUNT]; - - -MHD_RESULT -DH_handler_metrics (struct DH_RequestContext *rc, - const char *const args[]) -{ - char *reply; - struct MHD_Response *resp; - MHD_RESULT ret; - - (void) args; - GNUNET_asprintf (&reply, - "taler_exchange_success_transactions{type=\"%s\"} %llu\n" - "taler_exchange_success_transactions{type=\"%s\"} %llu\n" - "taler_exchange_success_transactions{type=\"%s\"} %llu\n" - "taler_exchange_success_transactions{type=\"%s\"} %llu\n" - "taler_exchange_success_transactions{type=\"%s\"} %llu\n" - "# HELP taler_exchange_serialization_failures " - " number of database serialization errors by type\n" - "# TYPE taler_exchange_serialization_failures counter\n" - "taler_exchange_serialization_failures{type=\"%s\"} %llu\n" - "taler_exchange_serialization_failures{type=\"%s\"} %llu\n" - "taler_exchange_serialization_failures{type=\"%s\"} %llu\n" - "taler_exchange_serialization_failures{type=\"%s\"} %llu\n" - "# HELP taler_exchange_received_requests " - " number of received requests by type\n" - "# TYPE taler_exchange_received_requests counter\n" - "taler_exchange_received_requests{type=\"%s\"} %llu\n" - "taler_exchange_received_requests{type=\"%s\"} %llu\n" - "taler_exchange_received_requests{type=\"%s\"} %llu\n" - "taler_exchange_received_requests{type=\"%s\"} %llu\n" - "taler_exchange_idempotent_requests{type=\"%s\"} %llu\n" -#if NOT_YET_IMPLEMENTED - "taler_exchange_idempotent_requests{type=\"%s\"} %llu\n" - "taler_exchange_idempotent_requests{type=\"%s\"} %llu\n" -#endif - "taler_exchange_idempotent_requests{type=\"%s\"} %llu\n" - "# HELP taler_exchange_num_signatures " - " number of signatures created by cipher\n" - "# TYPE taler_exchange_num_signatures counter\n" - "taler_exchange_num_signatures{type=\"%s\"} %llu\n" - "taler_exchange_num_signatures{type=\"%s\"} %llu\n" - "taler_exchange_num_signatures{type=\"%s\"} %llu\n" - "# HELP taler_exchange_num_signature_verifications " - " number of signatures verified by cipher\n" - "# TYPE taler_exchange_num_signature_verifications counter\n" - "taler_exchange_num_signature_verifications{type=\"%s\"} %llu\n" - "taler_exchange_num_signature_verifications{type=\"%s\"} %llu\n" - "taler_exchange_num_signature_verifications{type=\"%s\"} %llu\n" - "# HELP taler_exchange_num_keyexchanges " - " number of key exchanges done by cipher\n" - "# TYPE taler_exchange_num_keyexchanges counter\n" - "taler_exchange_num_keyexchanges{type=\"%s\"} %llu\n" - "# HELP taler_exchange_batch_withdraw_num_coins " - " number of coins withdrawn in a batch-withdraw request\n" - "# TYPE taler_exchange_batch_withdraw_num_coins counter\n" - "taler_exchange_batch_withdraw_num_coins{} %llu\n", - "deposit", - DH_METRICS_num_success[DH_MT_SUCCESS_DEPOSIT], - "withdraw", - DH_METRICS_num_success[DH_MT_SUCCESS_WITHDRAW], - "batch-withdraw", - DH_METRICS_num_success[DH_MT_SUCCESS_BATCH_WITHDRAW], - "melt", - DH_METRICS_num_success[DH_MT_SUCCESS_MELT], - "refresh-reveal", - DH_METRICS_num_success[DH_MT_SUCCESS_REFRESH_REVEAL], - "other", - DH_METRICS_num_conflict[DH_MT_REQUEST_OTHER], - "deposit", - DH_METRICS_num_conflict[DH_MT_REQUEST_DEPOSIT], - "withdraw", - DH_METRICS_num_conflict[DH_MT_REQUEST_WITHDRAW], - "melt", - DH_METRICS_num_conflict[DH_MT_REQUEST_MELT], - "other", - DH_METRICS_num_requests[DH_MT_REQUEST_OTHER], - "deposit", - DH_METRICS_num_requests[DH_MT_REQUEST_DEPOSIT], - "withdraw", - DH_METRICS_num_requests[DH_MT_REQUEST_WITHDRAW], - "melt", - DH_METRICS_num_requests[DH_MT_REQUEST_MELT], - "withdraw", - DH_METRICS_num_requests[DH_MT_REQUEST_IDEMPOTENT_WITHDRAW], -#if NOT_YET_IMPLEMENTED - "deposit", - DH_METRICS_num_requests[DH_MT_REQUEST_IDEMPOTENT_DEPOSIT], - "melt", - DH_METRICS_num_requests[DH_MT_REQUEST_IDEMPOTENT_MELT], -#endif - "batch-withdraw", - DH_METRICS_num_requests[ - DH_MT_REQUEST_IDEMPOTENT_BATCH_WITHDRAW], - "rsa", - DH_METRICS_num_signatures[DH_MT_SIGNATURE_RSA], - "cs", - DH_METRICS_num_signatures[DH_MT_SIGNATURE_CS], - "eddsa", - DH_METRICS_num_signatures[DH_MT_SIGNATURE_EDDSA], - "rsa", - DH_METRICS_num_verifications[DH_MT_SIGNATURE_RSA], - "cs", - DH_METRICS_num_verifications[DH_MT_SIGNATURE_CS], - "eddsa", - DH_METRICS_num_verifications[DH_MT_SIGNATURE_EDDSA], - "ecdh", - DH_METRICS_num_keyexchanges[DH_MT_KEYX_ECDH], - DH_METRICS_batch_withdraw_num_coins); - resp = MHD_create_response_from_buffer (strlen (reply), - reply, - MHD_RESPMEM_MUST_FREE); - ret = MHD_queue_response (rc->connection, - MHD_HTTP_OK, - resp); - MHD_destroy_response (resp); - return ret; -} - - -/* end of donau-httpd_metrics.c */ diff --git a/src/donau/donau-httpd_metrics.h b/src/donau/donau-httpd_metrics.h deleted file mode 100644 index ee2149b..0000000 --- a/src/donau/donau-httpd_metrics.h +++ /dev/null @@ -1,136 +0,0 @@ -/* - This file is part of TALER - Copyright (C) 2014--2021 Taler Systems SA - - TALER is free software; you can redistribute it and/or modify it under the - terms of the GNU Affero General Public License as published by the Free Software - Foundation; either version 3, or (at your option) any later version. - - TALER is distributed in the hope that it will be useful, but WITHOUT ANY - WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR - A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details. - - You should have received a copy of the GNU Affero General Public License along with - TALER; see the file COPYING. If not, see <http://www.gnu.org/licenses/> -*/ -/** - * @file donau-httpd_metrics.h - * @brief Handle /metrics requests - * @author Christian Grothoff - */ -#ifndef DONAU_HTTPD_METRICS_H -#define DONAU_HTTPD_METRICS_H - -#include <gnunet/gnunet_util_lib.h> -#include <microhttpd.h> -#include "donau-httpd.h" - - -/** - * Request types for which we collect metrics. - */ -enum DH_MetricTypeRequest -{ - DH_MT_REQUEST_OTHER = 0, - DH_MT_REQUEST_DEPOSIT = 1, - DH_MT_REQUEST_WITHDRAW = 2, - DH_MT_REQUEST_AGE_WITHDRAW = 3, - DH_MT_REQUEST_MELT = 4, - DH_MT_REQUEST_PURSE_CREATE = 5, - DH_MT_REQUEST_PURSE_MERGE = 6, - DH_MT_REQUEST_RESERVE_PURSE = 7, - DH_MT_REQUEST_PURSE_DEPOSIT = 8, - DH_MT_REQUEST_IDEMPOTENT_DEPOSIT = 9, - DH_MT_REQUEST_IDEMPOTENT_WITHDRAW = 10, - DH_MT_REQUEST_IDEMPOTENT_AGE_WITHDRAW = 11, - DH_MT_REQUEST_IDEMPOTENT_MELT = 12, - DH_MT_REQUEST_IDEMPOTENT_BATCH_WITHDRAW = 13, - DH_MT_REQUEST_BATCH_DEPOSIT = 14, - DH_MT_REQUEST_POLICY_FULFILLMENT = 15, - DH_MT_REQUEST_COUNT = 16 /* MUST BE LAST! */ -}; - -/** - * Success types for which we collect metrics. - */ -enum DH_MetricTypeSuccess -{ - DH_MT_SUCCESS_DEPOSIT = 0, - DH_MT_SUCCESS_WITHDRAW = 1, - DH_MT_SUCCESS_AGE_WITHDRAW = 2, - DH_MT_SUCCESS_BATCH_WITHDRAW = 3, - DH_MT_SUCCESS_MELT = 4, - DH_MT_SUCCESS_REFRESH_REVEAL = 5, - DH_MT_SUCCESS_AGE_WITHDRAW_REVEAL = 6, - DH_MT_SUCCESS_COUNT = 7 /* MUST BE LAST! */ -}; - -/** - * Cipher types for which we collect signature metrics. - */ -enum DH_MetricTypeSignature -{ - DH_MT_SIGNATURE_RSA = 0, - DH_MT_SIGNATURE_CS = 1, - DH_MT_SIGNATURE_EDDSA = 2, - DH_MT_SIGNATURE_COUNT = 3 -}; - -/** - * Cipher types for which we collect key exchange metrics. - */ -enum DH_MetricTypeKeyX -{ - DH_MT_KEYX_ECDH = 0, - DH_MT_KEYX_COUNT = 1 -}; - -/** - * Number of requests handled of the respective type. - */ -extern unsigned long long DH_METRICS_num_requests[DH_MT_REQUEST_COUNT]; - -/** - * Number of successful requests handled of the respective type. - */ -extern unsigned long long DH_METRICS_num_success[DH_MT_SUCCESS_COUNT]; - -/** - * Number of coins withdrawn in a batch-withdraw request - */ -extern unsigned long long DH_METRICS_batch_withdraw_num_coins; - -/** - * Number of serialization errors encountered when - * handling requests of the respective type. - */ -extern unsigned long long DH_METRICS_num_conflict[DH_MT_REQUEST_COUNT]; - -/** - * Number of signatures created by the respective cipher. - */ -extern unsigned long long DH_METRICS_num_signatures[DH_MT_SIGNATURE_COUNT]; - -/** - * Number of signatures verified by the respective cipher. - */ -extern unsigned long long DH_METRICS_num_verifications[DH_MT_SIGNATURE_COUNT]; - -/** - * Number of key exchanges done with the respective cipher. - */ -extern unsigned long long DH_METRICS_num_keyexchanges[DH_MT_KEYX_COUNT]; - -/** - * Handle a "/metrics" request. - * - * @param rc request context - * @param args array of additional options (must be empty for this function) - * @return MHD result code - */ -MHD_RESULT -DH_handler_metrics (struct DH_RequestContext *rc, - const char *const args[]); - - -#endif diff --git a/src/donau/donau-httpd_mhd.c b/src/donau/donau-httpd_mhd.c index baec9f7..0d088ab 100644 --- a/src/donau/donau-httpd_mhd.c +++ b/src/donau/donau-httpd_mhd.c @@ -1,6 +1,6 @@ /* This file is part of TALER - Copyright (C) 2014-2020 Taler Systems SA + Copyright (C) 2024 Taler Systems SA TALER is free software; you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software diff --git a/src/donau/donau-httpd_mhd.h b/src/donau/donau-httpd_mhd.h index e47c410..9c50b6e 100644 --- a/src/donau/donau-httpd_mhd.h +++ b/src/donau/donau-httpd_mhd.h @@ -1,6 +1,6 @@ /* This file is part of TALER - Copyright (C) 2014-2022 Taler Systems SA + Copyright (C) 2024 Taler Systems SA TALER is free software; you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software diff --git a/src/donau/donau-httpd_terms.c b/src/donau/donau-httpd_terms.c index 673392e..8a99fdf 100644 --- a/src/donau/donau-httpd_terms.c +++ b/src/donau/donau-httpd_terms.c @@ -1,6 +1,6 @@ /* This file is part of TALER - Copyright (C) 2019, 2021 Taler Systems SA + Copyright (C) 2024 Taler Systems SA TALER is free software; you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software @@ -25,7 +25,6 @@ #include <microhttpd.h> #include <taler/taler_mhd_lib.h> #include "donau-httpd_terms.h" -// #include "donau-httpd_responses.h" /** * Our terms of service. diff --git a/src/donau/donau-httpd_terms.h b/src/donau/donau-httpd_terms.h index 8372509..d966bd8 100644 --- a/src/donau/donau-httpd_terms.h +++ b/src/donau/donau-httpd_terms.h @@ -1,6 +1,6 @@ /* This file is part of TALER - Copyright (C) 2019, 2021 Taler Systems SA + Copyright (C) 2024 Taler Systems SA TALER is free software; you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software @@ -27,7 +27,6 @@ #include <microhttpd.h> #include <taler/taler_mhd_lib.h> #include "donau-httpd.h" -// #include "donau-httpd_responses.h" /** diff --git a/src/donaudb/0002-donation_units.sql b/src/donaudb/0002-donation_units.sql index aa93fdf..874aad5 100644 --- a/src/donaudb/0002-donation_units.sql +++ b/src/donaudb/0002-donation_units.sql @@ -25,7 +25,3 @@ COMMENT ON TABLE donation_units IS 'Main donation_unit table. All the valid donation units the Donau knows about.'; COMMENT ON COLUMN donation_units.value IS 'Value the donation unit has in Taler amount'; - --- CREATE INDEX IF NOT EXISTS donation_units_by_validity_year --- ON donation_units --- (validity_year); diff --git a/src/donaudb/donau-0001.sql b/src/donaudb/donau-0001.sql index dd6d348..21c2044 100644 --- a/src/donaudb/donau-0001.sql +++ b/src/donaudb/donau-0001.sql @@ -1,6 +1,6 @@ -- -- This file is part of TALER --- Copyright (C) 2014--2022 Taler Systems SA +-- Copyright (C) 2024 Taler Systems SA -- -- TALER is free software; you can redistribute it and/or modify it under the -- terms of the GNU General Public License as published by the Free Software diff --git a/src/donaudb/donau-0002.sql.in b/src/donaudb/donau-0002.sql.in index 25a9ea3..7f91f57 100644 --- a/src/donaudb/donau-0002.sql.in +++ b/src/donaudb/donau-0002.sql.in @@ -1,6 +1,6 @@ -- -- This file is part of TALER --- Copyright (C) 2014--2023 Taler Systems SA +-- Copyright (C) 2024 Taler Systems SA -- -- TALER is free software; you can redistribute it and/or modify it under the -- terms of the GNU General Public License as published by the Free Software diff --git a/src/donaudb/donau_do_amount_specific.sql b/src/donaudb/donau_do_amount_specific.sql index bfa5efa..fa32a29 100644 --- a/src/donaudb/donau_do_amount_specific.sql +++ b/src/donaudb/donau_do_amount_specific.sql @@ -1,6 +1,6 @@ -- -- This file is part of TALER --- Copyright (C) 2014--2022 Taler Systems SA +-- Copyright (C) 2024 Taler Systems SA -- -- TALER is free software; you can redistribute it and/or modify it under the -- terms of the GNU General Public License as published by the Free Software diff --git a/src/donaudb/pg_commit.c b/src/donaudb/pg_commit.c index 930ecd0..7397e7b 100644 --- a/src/donaudb/pg_commit.c +++ b/src/donaudb/pg_commit.c @@ -1,6 +1,6 @@ /* This file is part of TALER - Copyright (C) 2022 Taler Systems SA + Copyright (C) 2024 Taler Systems SA TALER is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software diff --git a/src/donaudb/pg_commit.h b/src/donaudb/pg_commit.h index 6e81f43..ae2856b 100644 --- a/src/donaudb/pg_commit.h +++ b/src/donaudb/pg_commit.h @@ -1,6 +1,6 @@ /* This file is part of TALER - Copyright (C) 2022 Taler Systems SA + Copyright (C) 2024 Taler Systems SA TALER is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software diff --git a/src/donaudb/pg_create_tables.c b/src/donaudb/pg_create_tables.c index 6991694..a2d3d94 100644 --- a/src/donaudb/pg_create_tables.c +++ b/src/donaudb/pg_create_tables.c @@ -1,6 +1,6 @@ /* This file is part of TALER - Copyright (C) 2022 Taler Systems SA + Copyright (C) 2024 Taler Systems SA TALER is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software @@ -16,7 +16,7 @@ /** * @file donaudb/pg_create_tables.c * @brief Implementation of the create_tables function for Postgres - * @author Christian Grothoff + * @author Johannes Casaburi */ #include <taler/platform.h> #include <taler/taler_error_codes.h> diff --git a/src/donaudb/pg_create_tables.h b/src/donaudb/pg_create_tables.h index f937a57..aaaed30 100644 --- a/src/donaudb/pg_create_tables.h +++ b/src/donaudb/pg_create_tables.h @@ -1,6 +1,6 @@ /* This file is part of TALER - Copyright (C) 2022 Taler Systems SA + Copyright (C) 2024 Taler Systems SA TALER is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software @@ -16,7 +16,7 @@ /** * @file donaudb/pg_create_tables.h * @brief implementation of the create_tables function for Postgres - * @author Christian Grothoff + * @author Johannes Casaburi */ #ifndef PG_CREATE_TABLES_H #define PG_CREATE_TABLES_H diff --git a/src/donaudb/pg_get_history.c b/src/donaudb/pg_get_history.c index 88ef36e..b046937 100644 --- a/src/donaudb/pg_get_history.c +++ b/src/donaudb/pg_get_history.c @@ -57,7 +57,7 @@ struct GetHistoryContext /** * Invoke the callback for each result. * - * @param cls a `struct MissingWireContext *` + * @param cls a `struct GetHistoryContext *` * @param result SQL result * @param num_results number of rows in @a result */ diff --git a/src/donaudb/pg_get_history.h b/src/donaudb/pg_get_history.h index c017aaf..f79c1f7 100644 --- a/src/donaudb/pg_get_history.h +++ b/src/donaudb/pg_get_history.h @@ -24,16 +24,16 @@ #include "donaudb_plugin.h" /** - * Obtain information about the enabled wire accounts of the exchange. + * Obtain history of charities. * * @param cls closure - * @param cb function to call on each account + * @param cb function to call on each result * @param cb_cls closure for @a cb * @return transaction status code */ enum GNUNET_DB_QueryStatus DH_PG_get_history (void *cls, - DONAUDB_GetHistoryCallback cb, - void *cb_cls); + DONAUDB_GetHistoryCallback cb, + void *cb_cls); #endif diff --git a/src/donaudb/pg_insert_donation_unit.h b/src/donaudb/pg_insert_donation_unit.h index 8a5f847..7426e48 100644 --- a/src/donaudb/pg_insert_donation_unit.h +++ b/src/donaudb/pg_insert_donation_unit.h @@ -29,10 +29,10 @@ * Add donation unit key. * * @param cls closure - * @param donation_unit_pub the actual donation_unit key * @param donation_unit_hash hash of the public key - * @param value value that the donation unit represents + * @param donation_unit_pub the actual donation_unit key * @param validity_year validity year + * @param value value that the donation unit represents * @return transaction status code */ enum GNUNET_DB_QueryStatus diff --git a/src/donaudb/pg_insert_submitted_receipts.h b/src/donaudb/pg_insert_submitted_receipts.h index 630a1fe..b837e2c 100644 --- a/src/donaudb/pg_insert_submitted_receipts.h +++ b/src/donaudb/pg_insert_submitted_receipts.h @@ -31,6 +31,7 @@ * * @param cls closure * @param h_donor_tax_id salted hash of the donors tax number + * @param num_dr number of donation receipts * @param donation_receipts array of donation receipts * @param donation_year year of the donation * @return transaction status code diff --git a/src/donaudb/pg_iterate_submitted_receipts.h b/src/donaudb/pg_iterate_submitted_receipts.h index 14644f8..6c6168b 100644 --- a/src/donaudb/pg_iterate_submitted_receipts.h +++ b/src/donaudb/pg_iterate_submitted_receipts.h @@ -29,8 +29,7 @@ * @param cls closure * @param donation_year donation year * @param h_donor_tax_id hash of donor tax id - * @param cb function to call on each account - * @param cb_cls closure for @a cb + * @param[out] total_donations amount of total donations * @return transaction status code */ enum GNUNET_DB_QueryStatus diff --git a/src/donaudb/pg_lookup_charity.h b/src/donaudb/pg_lookup_charity.h index cbd0585..8f2abba 100644 --- a/src/donaudb/pg_lookup_charity.h +++ b/src/donaudb/pg_lookup_charity.h @@ -25,10 +25,11 @@ #include <taler/taler_json_lib.h> #include "donaudb_plugin.h" /** - * Fetch information about a donation unit key. + * Fetch information about a charity. * * @param cls the @e cls of this struct with the plugin-specific state - * @param[out] info information with value and other info about the coin + * @param charity_id the charity id + * @param meta charity meta data information * @return transaction status code */ enum GNUNET_DB_QueryStatus diff --git a/src/donaudb/pg_lookup_issued_receipts.h b/src/donaudb/pg_lookup_issued_receipts.h index e80ccf2..d79e349 100644 --- a/src/donaudb/pg_lookup_issued_receipts.h +++ b/src/donaudb/pg_lookup_issued_receipts.h @@ -28,7 +28,8 @@ * Fetch information about an issued receipts request. * * @param cls the @e cls of this struct with the plugin-specific state - * @param[out] info information with value and other info about the issued receipts + * @param h_receipts hash over the issued receipt + * @param meta information with value and other info about the issued receipts * @return transaction status code */ enum GNUNET_DB_QueryStatus @@ -36,4 +37,5 @@ DH_PG_lookup_issued_receipts ( void *cls, struct DONAU_DonationReceiptHashP *h_receipts, struct DONAUDB_IssuedReceiptsMetaData *meta); + #endif diff --git a/src/donaudb/test_donaudb.c b/src/donaudb/test_donaudb.c index 9681c25..856305c 100644 --- a/src/donaudb/test_donaudb.c +++ b/src/donaudb/test_donaudb.c @@ -1,6 +1,6 @@ /* This file is part of TALER - Copyright (C) 2014-2023 Taler Systems SA + Copyright (C) 2024 Taler Systems SA TALER is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software @@ -16,9 +16,7 @@ /** * @file donaudb/test_donaudb.c * @brief test cases for DB interaction functions - * @author Sree Harsha Totakura - * @author Christian Grothoff - * @author Marcello Stanisci + * @author Johannes Casaburi */ #include <taler/platform.h> #include <taler/taler_json_lib.h> @@ -34,25 +32,25 @@ static int result; * Report line of error if @a cond is true, and jump to label "drop". */ #define FAILIF(cond) \ - do { \ - if (! (cond)) { break;} \ - GNUNET_break (0); \ - goto drop; \ - } while (0) + do { \ + if (! (cond)) { break;} \ + GNUNET_break (0); \ + goto drop; \ + } while (0) /** * Initializes @a ptr with random data. */ #define RND_BLK(ptr) \ - GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK, ptr, sizeof (* \ - ptr)) + GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK, ptr, sizeof (* \ + ptr)) /** * Initializes @a ptr with zeros. */ #define ZR_BLK(ptr) \ - memset (ptr, 0, sizeof (*ptr)) + memset (ptr, 0, sizeof (*ptr)) /** diff --git a/src/include/donau_crypto_lib.h b/src/include/donau_crypto_lib.h index bc3049d..057c78a 100644 --- a/src/include/donau_crypto_lib.h +++ b/src/include/donau_crypto_lib.h @@ -654,6 +654,19 @@ DONAU_donation_unit_ewv_rsa_singleton (void); /** + * Make a (deep) copy of the given @a bi_src to + * @a bi_dst. + * + * @param[out] bi_dst target to copy to + * @param bi_src blinding input values to copy + */ +void +DONAU_donation_unit_ewv_copy ( + struct DONAU_BatchIssueValues *bi_dst, + const struct DONAU_BatchIssueValues *bi_src); + + +/** * Blind udi for blind signing with @a du_pub using blinding secret @a budi_secret. * * NOTE: As a particular oddity, the @a budi is only partially diff --git a/src/include/donau_service.h b/src/include/donau_service.h index 722f321..d68c2ec 100644 --- a/src/include/donau_service.h +++ b/src/include/donau_service.h @@ -751,13 +751,13 @@ typedef void * In this case, the callback is not called. */ struct DONAU_CsRBatchIssueHandle * -DONAU_csr_batch_issue ( - struct GNUNET_CURL_Context *curl_ctx, - const char *donau_url, +DONAU_csr_issue ( + struct GNUNET_CURL_Context *ctx, + const char *url, const struct DONAU_DonationUnitPublicKey *pk, - const struct GNUNET_CRYPTO_CsBlindingNonce nonce, - DONAU_CsRBatchIssueCallback res_cb, - void *res_cb_cls); + const struct GNUNET_CRYPTO_CsSessionNonce *nonce, + DONAU_CsRBatchIssueCallback cb, + void *cb_cls); /** @@ -768,7 +768,7 @@ DONAU_csr_batch_issue ( * @param csrh the batch-issue handle */ void -DONAU_csr_batch_issue_cancel ( +DONAU_csr_cancel ( struct DONAU_CsRBatchIssueHandle *csrh); diff --git a/src/include/donau_testing_lib.h b/src/include/donau_testing_lib.h index 0681faa..a23a6db 100644 --- a/src/include/donau_testing_lib.h +++ b/src/include/donau_testing_lib.h @@ -117,6 +117,7 @@ TALER_TESTING_cmd_charities_get (const char *label, * * @param label the command label. * @param charity_reference reference for traits + * @param uses_cs true for cs and false for rsa. * @param year current year (mostly) * @param donor_tax_id tax id of the donor * @param salt for tax id hash @@ -126,6 +127,7 @@ TALER_TESTING_cmd_charities_get (const char *label, struct TALER_TESTING_Command TALER_TESTING_cmd_issue_receipts (const char *label, const char *charity_reference, + const bool uses_cs, const uint64_t year, const char *donor_tax_id, const char *salt, @@ -143,9 +145,9 @@ TALER_TESTING_cmd_issue_receipts (const char *label, */ struct TALER_TESTING_Command TALER_TESTING_cmd_submit_receipts (const char *label, - const char *issue_receipt_reference, - const uint64_t year, - unsigned int expected_response_code); + const char *issue_receipt_reference, + const uint64_t year, + unsigned int expected_response_code); /** diff --git a/src/lib/Makefile.am b/src/lib/Makefile.am index f594508..426bb0b 100644 --- a/src/lib/Makefile.am +++ b/src/lib/Makefile.am @@ -27,7 +27,8 @@ libdonau_la_SOURCES = \ donau_api_charities_get.c \ donau_api_curl_defaults.c donau_api_curl_defaults.h \ donau_api_batch_issue_receipts.c \ - donau_api_batch_submit_receipts.c + donau_api_batch_submit_receipts.c \ + donau_api_csr_post.c ## maybe need libtalercurl libdonau_la_LIBADD = \ diff --git a/src/lib/donau_api_batch_submit_receipts.c b/src/lib/donau_api_batch_submit_receipts.c index d0ddfe3..1647230 100644 --- a/src/lib/donau_api_batch_submit_receipts.c +++ b/src/lib/donau_api_batch_submit_receipts.c @@ -93,7 +93,7 @@ submit_request_body_to_json (const size_t num_drs, &drs[i].h_donation_unit_pub), GNUNET_JSON_pack_data_auto ("nonce", &drs[i].nonce), - DONAU_JSON_pack_donation_unit_sig ("donau_sig", + DONAU_JSON_pack_donation_unit_sig ("donation_unit_sig", &drs[i].donation_unit_sig)); GNUNET_assert (0 == json_array_append_new (donation_receipts, @@ -102,7 +102,7 @@ submit_request_body_to_json (const size_t num_drs, return GNUNET_JSON_PACK ( GNUNET_JSON_pack_array_steal ("donation_receipts", donation_receipts), - GNUNET_JSON_pack_data_auto ("h_tax_number", + GNUNET_JSON_pack_data_auto ("h_donor_tax_id", h_tax_id), GNUNET_JSON_pack_uint64 ("donation_year", year)); diff --git a/src/lib/donau_api_csr_post.c b/src/lib/donau_api_csr_post.c new file mode 100644 index 0000000..4dddf13 --- /dev/null +++ b/src/lib/donau_api_csr_post.c @@ -0,0 +1,230 @@ +/* + This file is part of TALER + Copyright (C) 2024 Taler Systems SA + + TALER is free software; you can redistribute it and/or modify it + under the terms of the GNU General Public License as published + by the Free Software Foundation; either version 3, or (at your + option) any later version. + + TALER is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public + License along with TALER; see the file COPYING. If not, see + <http://www.gnu.org/licenses/> +*/ + +/** + * @file lib/donau_api_csr_post.c + * @brief Implementation of the "handle" component of the donau's HTTP API + * @author Lukas Matyja + */ +#include <gnunet/gnunet_curl_lib.h> +#include <taler/taler_json_lib.h> +#include <taler/taler_curl_lib.h> +#include "donau_service.h" +#include "donau_api_curl_defaults.h" +#include "donau_json_lib.h" + + +/** + * Handle for a POST /csr-issue request. + */ +struct DONAU_CsRBatchIssueHandle +{ + /** + * The url for the /csr-issue request. + */ + char *url; + + /** + * Minor context that holds body and headers. + */ + struct TALER_CURL_PostContext post_ctx; + + /** + * Entry for this request with the `struct GNUNET_CURL_Context`. + */ + struct GNUNET_CURL_Job *job; + + /** + * Function to call with the result. + */ + DONAU_CsRBatchIssueCallback cb; + + /** + * Closure to pass to @e cb. + */ + void *cb_cls; + + /** + * Reference to the execution context. + */ + struct GNUNET_CURL_Context *ctx; + +}; + +/** + * Function called when we're done processing the + * HTTP POST /csr-issue request. + * + * @param cls the `struct KeysRequest` + * @param response_code HTTP response code, 0 on error + * @param resp_obj parsed JSON result, NULL on error + */ +static void +handle_csr_issue_post_finished (void *cls, + long response_code, + const void *resp_obj) +{ + struct DONAU_CsRBatchIssueHandle *csrh = cls; + const json_t *j = resp_obj; + + struct DONAU_CsRBatchIssueResponse csrresp = { + .hr.reply = j, + .hr.http_status = (unsigned int) response_code + }; + + csrh->job = NULL; + switch (response_code) + { + case MHD_HTTP_CREATED: + struct GNUNET_JSON_Specification spec[] = { + TALER_JSON_spec_exchange_withdraw_values ( // TODO: method for GNUNET + "ewv", + (struct TALER_ExchangeWithdrawValues *) &csrresp.details.ok.alg_values), + GNUNET_JSON_spec_end () + }; + if (GNUNET_OK != + GNUNET_JSON_parse (j, + spec, + NULL, + NULL)) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Could not parse response from csr POST\n"); + GNUNET_break_op (0); + } + csrh->cb (csrh->cb_cls, + &csrresp); + break; + // Donation unit was revoked. + case MHD_HTTP_GONE: + csrresp.hr.ec = TALER_JSON_get_error_code (j); + csrresp.hr.hint = TALER_JSON_get_error_hint (j); + break; + // Donation unit or endpoint not found. + case MHD_HTTP_NOT_FOUND: + csrresp.hr.ec = TALER_JSON_get_error_code (j); + csrresp.hr.hint = TALER_JSON_get_error_hint (j); + break; + case MHD_HTTP_BAD_REQUEST: + csrresp.hr.ec = TALER_JSON_get_error_code (j); + csrresp.hr.hint = TALER_JSON_get_error_hint (j); + break; + default: + /* unexpected response code */ + GNUNET_break_op (0); + csrresp.hr.ec = TALER_JSON_get_error_code (j); + csrresp.hr.hint = TALER_JSON_get_error_hint (j); + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Unexpected response code %u/%d for POST %s\n", + (unsigned int) response_code, + (int) csrresp.hr.ec, + csrh->url); + break; + } + if (NULL != csrh->cb) + { + csrh->cb (csrh->cb_cls, + &csrresp); + csrh->cb = NULL; + } + DONAU_csr_cancel (csrh); +} + + +struct DONAU_CsRBatchIssueHandle * +DONAU_csr_issue ( + struct GNUNET_CURL_Context *ctx, + const char *url, + const struct DONAU_DonationUnitPublicKey *pk, + const struct GNUNET_CRYPTO_CsSessionNonce *nonce, + DONAU_CsRBatchIssueCallback cb, + void *cb_cls) +{ + struct DONAU_CsRBatchIssueHandle *csrh; + CURL *eh; + json_t *body; + + struct DONAU_DonationUnitHashP h_donation_unit_pub; + DONAU_donation_unit_pub_hash (pk, + &h_donation_unit_pub); + + TALER_LOG_DEBUG ("Connecting to the donau (%s)\n", + url); + csrh = GNUNET_new (struct DONAU_CsRBatchIssueHandle); + csrh->url = GNUNET_strdup (url); + csrh->cb = cb; + csrh->cb_cls = cb_cls; + csrh->ctx = ctx; + csrh->url = TALER_url_join (url, + "csr-issue", + NULL); + if (NULL == csrh->url) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Could not construct requested URL.\n"); + GNUNET_free (csrh); + return NULL; + } + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Request CS R with URL `%s'.\n", + csrh->url); + body = GNUNET_JSON_PACK ( + GNUNET_JSON_pack_data_varsize ("nonce", + nonce, + sizeof(*nonce)), + GNUNET_JSON_pack_data_varsize ("du_pub_hash", + &h_donation_unit_pub, + sizeof(h_donation_unit_pub))); + eh = DONAU_curl_easy_get_ (csrh->url); + if ( (NULL == eh) || + (GNUNET_OK != + TALER_curl_easy_post (&csrh->post_ctx, + eh, + body)) ) + { + GNUNET_break (0); + if (NULL != eh) + curl_easy_cleanup (eh); + json_decref (body); + GNUNET_free (csrh->url); + return NULL; + } + json_decref (body); + csrh->job = GNUNET_CURL_job_add2 (ctx, + eh, + csrh->post_ctx.headers, + &handle_csr_issue_post_finished, + csrh); + return csrh; +} + + +void +DONAU_csr_cancel ( + struct DONAU_CsRBatchIssueHandle *csrh) +{ + if (NULL != csrh->job) + { + GNUNET_CURL_job_cancel (csrh->job); + csrh->job = NULL; + } + TALER_curl_easy_post_finished (&csrh->post_ctx); + GNUNET_free (csrh->url); + GNUNET_free (csrh); +} diff --git a/src/testing/test_donau_api.c b/src/testing/test_donau_api.c index 427684e..983122b 100644 --- a/src/testing/test_donau_api.c +++ b/src/testing/test_donau_api.c @@ -45,11 +45,7 @@ static char *config_file; static struct TALER_TESTING_Credentials cred; /** - * Some tests behave differently when using CS as we cannot - * reuse the coin private key for different denominations - * due to the derivation of it with the /csr values. Hence - * some tests behave differently in CS mode, hence this - * flag. + * Issue receipts tests behave differently when using CS. */ static bool uses_cs; @@ -94,6 +90,7 @@ run (void *cls, // FIXME TALER_TESTING_cmd_issue_receipts ("issue-receipts", "post-charity", + uses_cs, 2024, "7560001010000", // tax id "1234", // salt for tax id hash diff --git a/src/testing/testing_api_cmd_issue_receipts.c b/src/testing/testing_api_cmd_issue_receipts.c index c396d52..4b61341 100644 --- a/src/testing/testing_api_cmd_issue_receipts.c +++ b/src/testing/testing_api_cmd_issue_receipts.c @@ -34,7 +34,7 @@ struct StatusState { /** - * Handle to the "charity status" operation. + * Handle to the "batch issue receipt status" operation. */ struct DONAU_BatchIssueReceiptHandle *birh; @@ -44,16 +44,15 @@ struct StatusState const char *charity_reference; /** - * Private key of the charity, for signature. - */ - struct DONAU_CharityPrivateKeyP charity_priv; - - /** * Expected HTTP response code. */ unsigned int expected_response_code; /** + */ + bool uses_cs; + + /** * Interpreter state. */ struct TALER_TESTING_Interpreter *is; @@ -69,6 +68,11 @@ struct StatusState unsigned long long year; /** + * Private key of the charity, for signature. + */ + struct DONAU_CharityPrivateKeyP charity_priv; + + /** * number of budi key pair. */ size_t num_bkp; @@ -107,6 +111,35 @@ struct StatusState * Array of hashed udis. */ struct DONAU_UniqueDonorIdentifierHashP *h_udis; + + /** + * Number of pending CS requests. + */ + size_t cs_pending; +}; + + +struct CSR_Data +{ + /** + * Handle to the "batch issue receipt status" operation. + */ + struct DONAU_CsRBatchIssueHandle *csr_handle; + + /** + * CS-Nonce + */ + union GNUNET_CRYPTO_BlindSessionNonce nonce; + + /** + * batch issue receipt status state + */ + struct StatusState *ss; + + /** + * array position in batch issue receipt request (first position is zero) + */ + size_t position; }; @@ -157,6 +190,106 @@ issue_receipts_status_cb (void *cls, /** + * Runs phase two, the actual issue receipts operation. + * Started once the preparation for CS-donation-units is + * done. + * @param cls closure. + */ +static void +phase_two (void *cls) +{ + struct StatusState *ss = cls; + const struct DONAU_BlindedUniqueDonorIdentifierKeyPair *bkps = ss->bkps; + ss->birh = DONAU_charity_issue_receipt ( + TALER_TESTING_interpreter_get_context (ss->is), + TALER_TESTING_get_donau_url (ss->is), + &ss->charity_priv, + ss->charity_id, + ss->year, + ss->num_bkp, + bkps, + &issue_receipts_status_cb, + ss); +} + + +/** + * Function called when stage 1 of CS issue is finished (request r_pub's) + * + * @param cls the `struct CSR_Data *` + * @param csrresp replies from the /csr-issue request + */ +static void +cs_stage_two_callback ( + void *cls, + const struct DONAU_CsRBatchIssueResponse *csrresp) +{ + struct CSR_Data *csr_data = cls; + struct DONAU_BlindedUniqueDonorIdentifier *blinded_udi = + &csr_data->ss->bkps[csr_data->position].blinded_udi; + + /* ignore multiple callbacks from the same csr request by checking + if the corresponding blinded message is already initialized */ + if (NULL != blinded_udi->blinded_message) + { + return; + } + + if (csrresp->hr.http_status != MHD_HTTP_CREATED) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Unexpected HTTP response code: %d in %s:%u\n", + csrresp->hr.http_status, + __FILE__, + __LINE__); + json_dumpf (csrresp->hr.reply, + stderr, + 0); + TALER_TESTING_interpreter_fail (csr_data->ss->is); + return; + } + + struct DONAU_DonationUnitPublicKey *cs_pk = + &csr_data->ss->keys->donation_unit_keys[csr_data->position].key; + struct DONAU_BatchIssueValues *alg_values = GNUNET_new (struct + DONAU_BatchIssueValues); + struct DONAU_BudiMasterSecretP ps; + struct DONAU_UniqueDonorIdentifierHashP *udi_hash = csr_data->ss->h_udis; + union GNUNET_CRYPTO_BlindingSecretP *blinding_secret = + &csr_data->ss->blinding_secrets[csr_data->position]; + struct DONAU_UniqueDonorIdentifierNonce *udi_nonce = + &csr_data->ss->receipts[csr_data->position].nonce; + + GNUNET_assert (GNUNET_CRYPTO_BSA_CS == cs_pk->bsign_pub_key->cipher); + + DONAU_donation_unit_ewv_copy (alg_values, + &csrresp->details.ok. + alg_values); + GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_STRONG, + &ps, + sizeof (ps)); + DONAU_budi_secret_create (&ps, + alg_values, + blinding_secret); + GNUNET_assert (GNUNET_OK == + DONAU_donation_unit_blind ( + cs_pk, + blinding_secret, + &csr_data->nonce, /* nonce only needed for cs */ + udi_nonce, + csr_data->ss->h_donor_tax_id, + alg_values, + udi_hash, + blinded_udi)); + csr_data->ss->alg_values[csr_data->position] = alg_values; + csr_data->ss->cs_pending--; + if (0 == csr_data->ss->cs_pending) + phase_two (csr_data->ss); + // GNUNET_free (csr_data); +} + + +/** * Run the command. * * @param cls closure. @@ -222,11 +355,13 @@ status_run (void *cls, ss->receipts = GNUNET_new_array (ss->num_bkp, struct DONAU_DonationReceipt); ss->alg_values = - GNUNET_new_array (ss->num_bkp, const struct DONAU_BatchIssueValues*); + GNUNET_new_array (ss->num_bkp, const struct DONAU_BatchIssueValues *); ss->h_udis = GNUNET_new_array (ss->num_bkp, struct DONAU_UniqueDonorIdentifierHashP); for (size_t cnt = 0; cnt < ss->num_bkp; cnt++) { + DONAU_donation_unit_pub_hash (&ss->keys->donation_unit_keys[0].key, + &ss->bkps[cnt].h_donation_unit_pub); struct DONAU_UniqueDonorIdentifierNonce *udi_nonce = &ss->receipts[cnt].nonce; struct DONAU_BudiMasterSecretP ps; @@ -234,43 +369,57 @@ status_run (void *cls, struct DONAU_BlindedUniqueDonorIdentifier *blinded_udi = &ss->bkps[cnt].blinded_udi; struct DONAU_UniqueDonorIdentifierHashP *udi_hash = ss->h_udis; - alg_values = DONAU_donation_unit_ewv_rsa_singleton (); // FIXME: support cs and rsa - GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_STRONG, &ps, sizeof (ps)); - DONAU_budi_secret_create (&ps, - alg_values, - &ss->blinding_secrets[cnt]); GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE, udi_nonce, sizeof (*udi_nonce)); - GNUNET_assert (GNUNET_OK == - DONAU_donation_unit_blind ( - &ss->keys->donation_unit_keys[0].key, - &ss->blinding_secrets[cnt], - NULL, /* no cs-nonce needed for rsa */ - udi_nonce, - ss->h_donor_tax_id, - alg_values, - udi_hash, - blinded_udi)); - ss->alg_values[cnt] = alg_values; - DONAU_donation_unit_pub_hash (&ss->keys->donation_unit_keys[0].key, - &ss->bkps[cnt].h_donation_unit_pub); + switch (ss->keys->donation_unit_keys[0].key.bsign_pub_key->cipher) + { + case GNUNET_CRYPTO_BSA_RSA: + alg_values = DONAU_donation_unit_ewv_rsa_singleton (); + DONAU_budi_secret_create (&ps, + alg_values, + &ss->blinding_secrets[cnt]); + GNUNET_assert (GNUNET_OK == + DONAU_donation_unit_blind ( + &ss->keys->donation_unit_keys[0].key, + &ss->blinding_secrets[cnt], + NULL, /* no cs-nonce needed for rsa */ + udi_nonce, + ss->h_donor_tax_id, + alg_values, + udi_hash, + blinded_udi)); + ss->alg_values[cnt] = alg_values; + break; + case GNUNET_CRYPTO_BSA_CS: + struct CSR_Data *csr_data = GNUNET_new (struct CSR_Data); + TALER_cs_withdraw_nonce_derive ( // TODO: write new method + (struct TALER_PlanchetMasterSecretP *) &ps, + &csr_data->nonce.cs_nonce); + csr_data->ss = ss; + csr_data->position = cnt; + csr_data->csr_handle = DONAU_csr_issue ( + TALER_TESTING_interpreter_get_context (is), + TALER_TESTING_get_donau_url (is), + &ss->keys->donation_unit_keys[0].key, + &csr_data->nonce.cs_nonce, + &cs_stage_two_callback, + csr_data); + if (NULL == csr_data->csr_handle) + { + GNUNET_break (0); + } + ss->cs_pending++; + break; + default: + GNUNET_break (0); + } } - const struct DONAU_BlindedUniqueDonorIdentifierKeyPair *bkps = ss->bkps; - ss->birh = DONAU_charity_issue_receipt ( - TALER_TESTING_interpreter_get_context (is), - TALER_TESTING_get_donau_url (is), - &ss->charity_priv, - ss->charity_id, - ss->year, - ss->num_bkp, - bkps, - &issue_receipts_status_cb, - ss); - + if (0 == ss->cs_pending) + phase_two (ss); } @@ -328,10 +477,10 @@ issue_receipts_traits (void *cls, struct StatusState *ss = cls; struct TALER_TESTING_Trait traits[] = { TALER_TESTING_make_trait_salted_tax_id_hash ( - (const struct DONAU_HashDonorTaxId *) ss->h_donor_tax_id), - TALER_TESTING_make_trait_donation_receipts ( - (const struct DONAU_DonationReceipt **) &ss->receipts), - TALER_TESTING_make_trait_number_receipts ((const size_t *) &ss->num_bkp), + (const struct DONAU_HashDonorTaxId *) ss->h_donor_tax_id), + TALER_TESTING_make_trait_donation_receipts ( + (const struct DONAU_DonationReceipt **) &ss->receipts), + TALER_TESTING_make_trait_number_receipts ((const size_t *) &ss->num_bkp), TALER_TESTING_trait_end () }; @@ -345,6 +494,7 @@ issue_receipts_traits (void *cls, struct TALER_TESTING_Command TALER_TESTING_cmd_issue_receipts (const char *label, const char *charity_reference, + const bool uses_cs, const uint64_t year, const char *donor_tax_id, const char *salt, @@ -358,6 +508,7 @@ TALER_TESTING_cmd_issue_receipts (const char *label, ss->charity_reference = charity_reference; ss->expected_response_code = expected_response_code; ss->num_bkp = 3; + ss->uses_cs = uses_cs; struct DONAU_HashDonorTaxId h_donor_tax_id; struct GNUNET_HashContext *hash_context; hash_context = GNUNET_CRYPTO_hash_context_start (); diff --git a/src/util/donau_crypto.c b/src/util/donau_crypto.c index 087aba9..40fc1b7 100644 --- a/src/util/donau_crypto.c +++ b/src/util/donau_crypto.c @@ -289,4 +289,18 @@ DONAU_donation_unit_ewv_rsa_singleton () .blinding_inputs = &bi }; return &alg_values; +} + + +void +DONAU_donation_unit_ewv_copy (struct DONAU_BatchIssueValues *bi_dst, + const struct DONAU_BatchIssueValues *bi_src) +{ + if (bi_src == DONAU_donation_unit_ewv_rsa_singleton ()) + { + *bi_dst = *bi_src; + return; + } + bi_dst->blinding_inputs + = GNUNET_CRYPTO_blinding_input_values_incref (bi_src->blinding_inputs); }
\ No newline at end of file |